[Rpm-maint] [rpm-software-management/rpm] Remove "support" for loading keyring from filesystem (#857)

Mark Hatle notifications at github.com
Thu Sep 26 17:25:58 UTC 2019


Yes, this is actively used by the Yocto Project. It allows us to have a single location in the system that contains all of the software keys, and can be updated dynamically by authorized systems/components. Having to load keys (manually) into the rpm database makes it very difficult to support devices that can't be serviced and have no console. Instead we can remove old keys and install new keys [passing appropriate selinux/ima/etc security methods] by updating files.

It also allows developers to open up devices for user control by installing secondary keys for user-packages to 'unlock' an otherwise locked device.

https://github.com/rpm-software-management/rpm/pull/857#issuecomment-535605541