On Thu, Dec 05, 2024 at 11:51:55AM +0200, Panu Matilainen wrote:
> On 12/5/24 10:42 AM, Zbigniew Jędrzejewski-Szmek wrote:
> > On Thu, Dec 05, 2024 at 08:53:05AM +0100, Jan Kolarik wrote:
> > > Hi Zbyszek,
> > >
> > > Thank you for your interest in this proposal!
> > >
> > > I'd like to see behav
On Thu, Dec 05, 2024 at 11:39:30AM -, Peter Oliver wrote:
> Zbigniew Jędrzejewski-Szmek wrote:
>
> > As to the implementation: the distro has a historical list of all keys
> > used to sign its packages. For any given release we know which keys
> > are "old". In some fixed location, distribute
Zbigniew Jędrzejewski-Szmek wrote:
> As to the implementation: the distro has a historical list of all keys
> used to sign its packages. For any given release we know which keys
> are "old". In some fixed location, distribute a file that lists the
> hashes of "old keys" (old relative to the curren
On 12/5/24 10:42 AM, Zbigniew Jędrzejewski-Szmek wrote:
On Thu, Dec 05, 2024 at 08:53:05AM +0100, Jan Kolarik wrote:
Hi Zbyszek,
Thank you for your interest in this proposal!
I'd like to see behaviour where keys for EOL releases are removed as
soon as possible. I.e. if I have upgraded to F42,
On Thu, Dec 05, 2024 at 08:53:05AM +0100, Jan Kolarik wrote:
> Hi Zbyszek,
>
> Thank you for your interest in this proposal!
>
> I'd like to see behaviour where keys for EOL releases are removed as
> > soon as possible. I.e. if I have upgraded to F42, but still have a
> > package from F39, then k
Hi Jan,
> On 5. Dec 2024, at 09:15, Jan Kolarik wrote:
>
> Although this wasn’t the main intent of the proposal, it was suggested by the
> RPM team to also consider this aspect when checking for expired PGP keys. The
> idea is to leverage the existing RPM method pgpPubKeyLint, which evaluates
Hello Clemens,
Thank you as well for supporting the proposal!
Does this mean that after switching to a more strict crypto-policy, the
> next run would remove (or propose to remove) keys that are no longer
> considered secure under that crypto-policy?
Although this wasn’t the main intent of the
Hi Zbyszek,
Thank you for your interest in this proposal!
I'd like to see behaviour where keys for EOL releases are removed as
> soon as possible. I.e. if I have upgraded to F42, but still have a
> package from F39, then keep the key for F39 so that rpm doesn't
> faceplant. But as soon as I remov
On Tue, Dec 03, 2024 at 05:18:12PM +, Aoife Moloney via devel-announce
wrote:
> Wiki - https://fedoraproject.org/wiki/Changes/Dnf5ExpiredPGPKeys
> The proposed solution is a new LIBDNF5 plugin. This plugin will act as
> a hook, checking for invalid repository PGP keys on the system before
> e
Hi Jan,
I support this proposal, it’s a good idea and it will certainly improve the
user experience in this area.
I have one question:
> On 3. Dec 2024, at 18:18, Aoife Moloney via devel-announce
> wrote:
>
> We aim to address customer issues when installing RPM packages from
> repositories
10 matches
Mail list logo
