Are the Jolla Store rpms signed?

Question

5

Are the Jolla Store rpms signed?

asked 2013-12-27 15:42:38 +0300

AL13N
6834 ●79 ●106 ●111

updated 2014-01-31 00:34:09 +0300

ssahla

10167 ●110 ●153 ●164

Are the Jolla Store rpms signed by jolla? so that you can be sure that the download completed correctly and the signature matches from Jolla?

add a comment

Answer 1

1

answered 2013-12-27 16:28:29 +0300

penpen
2133 ●21 ●36 ●37

updated 2013-12-27 16:31:24 +0300

Some of the packages are signed. For example jolla-alarm-ui has a signature:

$ rpm -qi jolla-alarm-ui
Name : jolla-alarm-ui
...
Signature : DSA/SHA1, Wed 27 Nov 2013 13:46:05 EET, Key ID 68ebdd7df2633ee0
...

But for example "less" isn't signed: Signature : (none), but I think I installed that from mer-tools repository that needs to be activated separately.

link

add a comment

Accepted Answer

1

answered 2013-12-30 14:20:59 +0300

Sfiet_Konstantin

6385 ●45 ●72 ●97

http://sfietkonstantin.wo...

Jolla RPM seems to be signed by Jolla, however, other Harbour applications, like puzzlemaster, are not signed.

[nemo@localhost ~]$ rpm -qi harbour-puzzle-master
Name        : harbour-puzzle-master
....
License     : GPLv2+
Signature   : (none)
...

link

Comments

so, the signing is left to the app provider... not sure if that's a good idea...

I would prefer harbour apps to be signed by some harbour key

AL13N ( 2013-12-30 18:04:54 +0300 )

I agree. Better open a new post to ask for them to be signed ?

Sfiet_Konstantin ( 2013-12-30 18:09:49 +0300 )

@Sfiet_Konstantin i did so here

AL13N ( 2013-12-30 18:28:08 +0300 )

add a comment

Are the Jolla Store rpms signed?

2 Answers

Comments

Question tools

Stats

Related questions

Are the Jolla Store rpms signed?

2 Answers

Comments

Question tools

Public thread

Stats

Related questions