Russ Herrold has posted a really good article on key security, which I heartily recommend to the more security-conscious.
But what good does all that do when most people will happily go fetch any unsigned package from Koji or even any random URL when prompted to do so?
@Kevin Kofler: Sure, I’m not saying everyone’s going to follow that recipe. But it’s useful for people who want to see the chain of authentication put to work by someone more diligent and knowledgeable.