[CentOS-devel] Re: Point yum repos to centos gpg key in /etc/pki/

Scott Silva ssilva at sgvwater.com
Mon Feb 25 21:30:37 UTC 2008


on 2/25/2008 12:50 PM Peter Kjellstrom spake the following:
> On Monday 25 February 2008, Scott Silva wrote:
>> on 2/25/2008 10:40 AM Jeff Sheltren spake the following:
>>> On Feb 25, 2008, at 10:34 AM, Johnny Hughes wrote:
> ...
>>>> I STILL think pointing to the http://mirror.centos.org/ site is best
>>>> for the web enabled CentOS-Base.repo file.
>>> Johnny, could you let us know your reasons for wanting to point to the
>>> remote GPG key?
>> I would think if you could compromise the mirror dns list, you could have
>> malicious rpm's signed by a malicious key, and have thousands of systems
>> get rooted.
> 
> I'm not sure what you're saying, but if the above happened. Then my 
> unaffected /etc/pki key would refuse your maliciously signed rpms.
> 
> And if my /etc/pki was bad then that was because my install was bad and I'm 
> f**ked anyway.
> 
> /Peter
> 
I was supporting your statement of having local keys. I just replied to the 
wrong message in the thread. Sorry  ;-P


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 250 bytes
Desc: OpenPGP digital signature
Url : http://lists.centos.org/pipermail/centos-devel/attachments/20080225/8443f4b9/signature.bin


More information about the CentOS-devel mailing list