[Bug debuginfod/28204] New: extend webapi / verification with forthcoming signed-contents archives
fche at redhat dot com
sourceware-bugzilla@sourceware.org
Fri Aug 6 21:11:34 GMT 2021
https://sourceware.org/bugzilla/show_bug.cgi?id=28204
Bug ID: 28204
Summary: extend webapi / verification with forthcoming
signed-contents archives
Product: elfutils
Version: unspecified
Status: NEW
Severity: normal
Priority: P2
Component: debuginfod
Assignee: unassigned at sourceware dot org
Reporter: fche at redhat dot com
CC: elfutils-devel at sourceware dot org
Target Milestone: ---
Efforts such as https://fedoraproject.org/wiki/Changes/Signed_RPM_Contents
might look stalled, but some distro builds are experimenting with this stuff
already. We may soon avail ourselves of RPMs that carry per-file IMA
signatures. If so, we should extract those signature bits and pass them back
to debuginfod clients. They may be able to offline verify the integrity of the
download, so as to not trust the debuginfod server.
--
You are receiving this mail because:
You are on the CC list for the bug.
More information about the Elfutils-devel
mailing list