You are viewing an old version of this page. View the current version.
Compare with Current
View Page History
Version 1
Next »
Table of Contents
|
To assist our users in verifying the authenticity of our software releases, we digitally sign them. As of Fedora 3.3, this is part of the Fedora Release Process, and requires that the committer doing the final build for distribution uses their code signing key.
Requirements
We have borrowed heavily from the release signing policy used by the ASF.
When generating your code signing key:
- Use a 4096 bit RSA key with SHA512 hash
- Use your real name, preferred email address, and "CODE SIGNING KEY" as the comment.
- Use a strong password to protect your key
Once generated, you should:
- Keep your private key file on a safe, secure computer, and make sure you have a secure backup.
- Never use this key for purposes other than code signing or signing other keys.
Generating Your Key
Carefully follow the instructions here to generate your key.
Note: Popular binaries for GnuPG 2.x can be found here:
|
#trackbackRdf ($trackbackUtils.getContentIdentifier($page) $page.title $trackbackUtils.getPingUrl($page))