[prev in list] [next in list] [prev in thread] [next in thread]
List: linux-poweredge
Subject: Re: [Linux-PowerEdge] RPM repo GPG key changed
From: James Mathiesen <jmathiesen () tripadvisor ! com>
Date: 2018-06-29 13:07:42
Message-ID: 2BC19C01-3BA3-43CB-94A3-0786AF14D22C () tripadvisor ! com
[Download RAW message or body]
Dell,
We also use Spacewalk and the limitation Jeff mentions will be a problem for us as \
well.
There is no customer benefit in using stronger keys and signature algorithms if Dell \
doesn't stop requiring trust in the weaker keys and signature algorithms. A complete \
transition would have been disruptive but at least be a one-time cost with a clear \
fix, clear benefits and a clear end-state. Using the existing 1024-bit key with a \
stronger signing algorithm would have been non-disruptive but provide lesser \
benefits.
If there is a commitment to improving customer security I don't see how this specific \
change was a useful intermediate step. If there is no commitment to improving \
customer security this change was a waste of everybody's time.
james
On 6/28/18, 9:36 PM, "Linux-PowerEdge on behalf of Gottloeb, Jeff [US] (ES)" \
<linux-poweredge-bounces@dell.com on behalf of jeffrey.gottloeb@ngc.com> wrote:
Chandra,
Please provide the justification for not signing all of the RPMs with the new \
key. There are Dell customers with systems that do not have Internet connectivity \
and therefore need other solutions to manage the DSU and OMSA repositories. Red \
Hat's disconnected Satellite server is one method designed for this purpose but it \
does not support multiple GPG keys for the same repository.
Is there a target date when all of the RPMs will be signed with this new key?
Jeff Gottloeb
Northrop Grumman IT Solutions
310 812 4395
_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.us.dell.com_mailman_lis \
tinfo_linux-2Dpoweredge&d=DwICAg&c=9Hv6XPedRSA-5PSECC38X80c1h60_XWA4z1k_R1pROA&r=CfAaY \
CQEf7pGoAdbq0Icw0twCvsk5y-CVhkNDSSJWU0&m=7-VNCLmkBGYWR-b1BySKceKLSMsi72ECRpu5UYm29r0&s=age2iN5lvS7avxm90dRrt9mbQtsQZeHC_SJO-GL-57I&e=
_______________________________________________
Linux-PowerEdge mailing list
Linux-PowerEdge@dell.com
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic