RPM

MeeGo need a stronger gpg check mechanism which base on rpm package

Bug #635492 reported by Jeff Johnson on 2010-09-11

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	MeeGo	Fix Released	Medium	meego-bugs #3622
	RPM	Triaged	Low	Unassigned

Bug Description

tracker

Tags:

Revision history for this message

Jeff Johnson (n3npq) wrote on 2010-09-11:

http://bugs.meego.com/show_bug.cgi?id=3622

tags:

added: meego

Revision history for this message

Jeff Johnson (n3npq) wrote on 2010-09-13:

rpmlib can be enabled to verify every package signature whenever read.
This is typically disabled by metainstallers like zypp/yum/smart.

But all depends on what your threat model is ... there's usually
no reason why every package signature needs to be continually
verified; once is often sufficient.

tags:	added: crypto
Changed in rpm:
status:	New → Triaged
importance:	Undecided → Low

Bug Watch Updater (bug-watch-updater) on 2011-02-01

Changed in meegolinux:
status:	Unknown → In Progress

Bug Watch Updater (bug-watch-updater) on 2011-02-05

Changed in meegolinux:
importance:	Unknown → Medium

Bug Watch Updater (bug-watch-updater) on 2011-03-17

Changed in meegolinux:
status:	In Progress → Fix Released

Bug Watch Updater (bug-watch-updater) on 2011-03-22

Changed in meegolinux:
status:	Fix Released → Unknown

Bug Watch Updater (bug-watch-updater) on 2011-03-31

Changed in meegolinux:
status:	Unknown → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Related blueprints

Implement mandatory signature checking

Remote bug watches

meego-bugs #3622
[VERIFIED FIXED] Edit

Bug watches keep track of this bug in other bug trackers.