Displaying 1 result from an estimated 1 matches for "_rpmkey".
2015 Dec 16
yum/RPM and Trust on First Use
...with the fingerprint of the key?
The DNS record could be DNSSEC secured (I believe Fedora already uses
DNSSEC - some of their servers anyway) and yum could refuse to ask if
the fingerprint of the key it is importing does not match the DNSSEC
secured fingerprint.
Something like a TXT record for
_rpmkey.security.centos.org.
could be requested for the fingerprint for security at centos.org.
Advantage over gpg keyrings is that it can be implemented by anyone
without needing to manage your keys with specific gpg keyrings, which
has always been messy.
When yum is first asked to import a key, it re...