Fetch pubkeys using hkp:// transport
Registered by
Jeff Johnson
In order to have a MANDATORY signature checking policy for *.rpm
packages, pubkeys (and signatures) MUST be accessible.
Using hkp:// retrieval from keys.rpm5.org is one way to achieve key distribution.
In order to automate retrieval however, the following goals must be achieved:
1) the hkp:// fetch MUST permit disabling.
2) retrieved pubkeys MUST be validated (at least at self-signing level).
This also means that expired/revoked pubkeys MUST be ignored.
3) the hkp:// fetch MUST be efficient. Repeated lookups of failed keys need
to be avoided.
Blueprint information
- Status:
- Complete
- Approver:
- Jeff Johnson
- Priority:
- Essential
- Drafter:
- None
- Direction:
- Approved
- Assignee:
- Jeff Johnson
- Definition:
- Approved
- Series goal:
- Accepted for 5.3
- Implementation:
-
Implemented
- Milestone target:
-
5.3.1
- Started by
- Jeff Johnson
- Completed by
- Jeff Johnson
Related branches
Related bugs
Sprints
Whiteboard
Implemented in rpm-5.3.1.
(?)
