Date: Fri, 24 Jul 2009 18:54:49 -0700
On Thu, Jul 23, 2009 at 07:04:57PM -0700, Kelvin Raywood wrote:
> Connie Sieh wrote:
> >>The yum-conf should have been updated automatically unless it has been
> >>changed and in that case the .rpmnew was made.
>
> Yes. This is the whole point. If you have modified the .repo files to
> enable signature checking, then your .repo files will not automatically
> get the path to the new key. Thus packages in the repo signed with the
> new key cause updates to fail.

From the security side, I think it is good that the attempt to automatically
change the SL keys had failed.

Just think - what if instead of good Connie, these were evil hackers
who broke into the SL master repository and pushed a trojan yum config
package with trojan gpg keys. They would own every SL machine everywhere,
overnight.

Perhaps the changing of a master signature is a very significant
event that has to be handled manually. (think "checks and balances").

--
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada