Verification of flatpaks using GPG
Daniel Kasak
d.j.kasak.dk at gmail.com
Wed Jun 5 23:30:09 UTC 2019
On Wed, Jun 5, 2019 at 10:36 PM Martin Sehnoutka <msehnout at redhat.com>
wrote:
> So the author of the flatpakrepo file must be in charge of the DNS
> server responsible for the mailserver domain. e.g. for Fedora signing
> keys this key:
> fedora-29 at fedoraproject.org
> maps to this domain:
> 557d8ff0f0f4c6c9fc7140670cc85400dcee5aeb1ac2412e90f41e45._
> openpgpkey.fedoraproject.org
>
> and you can get the key like this:
> $ dig <the-domain-from-above> OPENPGPKEY
>
> Of course it could be a problem for an individual who uses email from
> Gmail or similar server.
>
> I hope this answers the questions above.
>
Ah. This partially answers some questions I had about gpg-signing. I'm
using a dyn dns account to host our repo, and I don't host my own email (
any more ). Does that mean there is *no* way for me to produce a gpg-signed
repo ( that clients can install / update without being root )?
Dan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/flatpak/attachments/20190606/a9fa1226/attachment-0001.html>
More information about the Flatpak
mailing list