Comment 6 for bug 1432516

Johannes Meixner (jsmeix) wrote :

Yes.
The whole public key needs to be included in HPLIP.
This is also what our (SUSE) security team had
actually told me.

Unfortunately in my previous comment I confused
"the whole public key" with "the complete public fingerprint".

For clarification some more details:

Our (SUSE) security team suggests that HPLIP has
the whole public key included so that no key
needs to be downloaded at all.

This way the chain of trust in HPLIP would be the same
as for other software (cf. Mozilla Firefox, which has
certificates included that are similar to keys).

In this case the chain of trust is that the Linux distribution
ensures that it gets the right sources from upstream, which
contain the right keys, so that the Linux distributor builds
binaries with the right keys included, so that finally the users
of the Linux distribution use the right keys on their systems.

This way the users of a Linux distribution need to trust
only their distribution (which they need to trust anyway)
but not some possibly obscure other parties that the
users may not clearly know in advance - e.g. whatever
web site from which whatever stuff (e.g. binaries, keys, ...)
gets downloaded, installed and used on their systems.

Including the whole public key in HPLIP only solves this
particular issue. It does not solve the general issue that
by using HPLIP third-party software (proprietary plugins)
may get downloaded, installed and run on users' systems
(when users have printers that require it).
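As an added illustration of the trust-chain point made in this comment (example code, not from HPLIP and not from the comment author): the Go program below verifies a constructed plugin payload two ways, once against a key fetched from a stand-in keyserver by an identifier that arrives together with the download, and once against a public key pinned in the program itself. The key-ID scheme (first 8 hex characters of SHA-256 over the key), the in-memory keyserver map, the vendor and attacker keys, and the sample payloads are all constructed assumptions for this example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// keyID stands in for a fingerprint-derived identifier that a downloader
// would send to a keyserver. Hypothetical scheme for this example only:
// the first 8 hex characters of SHA-256(public key).
func keyID(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:4])
}

// keyserver is a constructed stand-in for a remote key lookup service that
// anyone, including an attacker, can publish keys to.
type keyserver map[string]ed25519.PublicKey

// verifyWithFetchedKey models the design the comment argues against: the key
// used to check the signature is whatever the remote lookup returns for an
// identifier that arrives alongside the download.
func verifyWithFetchedKey(ks keyserver, id string, data, sig []byte) error {
	pub, ok := ks[id]
	if !ok {
		return errors.New("key not found on keyserver")
	}
	if !ed25519.Verify(pub, data, sig) {
		return errors.New("signature does not verify against fetched key")
	}
	return nil
}

// verifyWithPinnedKey models the suggested design: the whole public key is
// compiled into the software and nothing is fetched at verification time.
func verifyWithPinnedKey(pinned ed25519.PublicKey, data, sig []byte) error {
	if !ed25519.Verify(pinned, data, sig) {
		return errors.New("signature does not verify against pinned key")
	}
	return nil
}

// outcome collects the four verification results of the scenario.
type outcome struct {
	GenuineFetched, TamperedFetched error
	GenuinePinned, TamperedPinned   error
}

// runScenario plays both designs against a genuine payload signed by the
// vendor and a tampered payload signed by an attacker who has published a
// key of their own and controls which key ID the client is told to fetch.
func runScenario() (outcome, error) {
	var o outcome
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return o, err
	}
	attackerPub, attackerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return o, err
	}

	// Constructed sample payloads standing in for plugin archives.
	genuine := []byte("hplip-plugin (constructed sample payload)")
	genuineSig := ed25519.Sign(vendorPriv, genuine)
	tampered := []byte("hplip-plugin with extra code (constructed sample payload)")
	tamperedSig := ed25519.Sign(attackerPriv, tampered)

	// Both parties have published keys; the lookup cannot tell them apart.
	ks := keyserver{
		keyID(vendorPub):   vendorPub,
		keyID(attackerPub): attackerPub,
	}

	o.GenuineFetched = verifyWithFetchedKey(ks, keyID(vendorPub), genuine, genuineSig)
	// The attacker's download names the attacker's key ID, so the fetched key
	// matches the attacker's signature and the check passes.
	o.TamperedFetched = verifyWithFetchedKey(ks, keyID(attackerPub), tampered, tamperedSig)

	o.GenuinePinned = verifyWithPinnedKey(vendorPub, genuine, genuineSig)
	o.TamperedPinned = verifyWithPinnedKey(vendorPub, tampered, tamperedSig)
	return o, nil
}

func main() {
	o, err := runScenario()
	if err != nil {
		panic(err)
	}
	fmt.Println("genuine, fetched key: ", o.GenuineFetched)
	fmt.Println("tampered, fetched key:", o.TamperedFetched)
	fmt.Println("genuine, pinned key:  ", o.GenuinePinned)
	fmt.Println("tampered, pinned key: ", o.TamperedPinned)
}
```

The fetched-key path accepts the attacker's payload because the client verifies against whichever key the identifier resolves to, so the keyserver and the download site are both in the trust chain. The pinned-key path only ever consults the key that shipped with the program, which is exactly the property the comment describes: the user has to trust the distribution that built the binary, and nobody else.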