Rahul Sundaram wrote:
On 11/20/2009 01:02 AM, Mohan R wrote:
Even the Fedora administrator's SSH key can be
compromised/stolen/whatever, how can you guys put weight on
package-signatures and dropped privileges to install apps?
SSH Key != GPG key. Packages are signed with GPG key. Anyway it wasn't
my decision and lot of us including me don't agree this is the right
process to follow. So let's not pain broad brushes. Alright?
I'm sure it will be alright. Also I know SSH Key != GPG, I asked that
fedora already came across an event that modified its package's GPG key
through an admin's SSH key, then how the team decided to go for this
kind of decision. Anyway things will going to be cleared quickly.
Thanks for sharing more details about that incident with us.
Regards,
Mohan R.
_______________________________________________
To unsubscribe, email [email protected] with
"unsubscribe <password> <address>"
in the subject or body of the message.
http://www.ae.iitm.ac.in/mailman/listinfo/ilugc
