Are the Jolla Store rpms signed?

Question

5

Are the Jolla Store rpms signed?

asked 2013-12-27 15:42:38 +0300

AL13N
6834 ●79 ●106 ●111

updated 2014-01-31 00:34:09 +0300

ssahla

10167 ●110 ●153 ●164

Are the Jolla Store rpms signed by jolla? so that you can be sure that the download completed correctly and the signature matches from Jolla?

edit retag flag offensive close delete

Answer 1

1

answered 2013-12-27 16:28:29 +0300

penpen
2133 ●21 ●36 ●37

updated 2013-12-27 16:31:24 +0300

Some of the packages are signed. For example jolla-alarm-ui has a signature:

$ rpm -qi jolla-alarm-ui
Name : jolla-alarm-ui
...
Signature : DSA/SHA1, Wed 27 Nov 2013 13:46:05 EET, Key ID 68ebdd7df2633ee0
...

But for example "less" isn't signed: Signature : (none), but I think I installed that from mer-tools repository that needs to be activated separately.

edit flag offensive delete publish link

Accepted Answer

1

answered 2013-12-30 14:20:59 +0300

Sfiet_Konstantin

6385 ●45 ●72 ●97

http://sfietkonstantin.wo...

Jolla RPM seems to be signed by Jolla, however, other Harbour applications, like puzzlemaster, are not signed.

[nemo@localhost ~]$ rpm -qi harbour-puzzle-master
Name        : harbour-puzzle-master
....
License     : GPLv2+
Signature   : (none)
...

edit flag offensive delete publish link

Comments

so, the signing is left to the app provider... not sure if that's a good idea...

I would prefer harbour apps to be signed by some harbour key

AL13N ( 2013-12-30 18:04:54 +0300 )edit

I agree. Better open a new post to ask for them to be signed ?

Sfiet_Konstantin ( 2013-12-30 18:09:49 +0300 )edit

@Sfiet_Konstantin i did so here

AL13N ( 2013-12-30 18:28:08 +0300 )edit

Are the Jolla Store rpms signed?

2 Answers

Comments

Question tools

Stats

Related questions

Are the Jolla Store rpms signed?

2 Answers

Comments

Question tools

Public thread

Stats

Related questions