On Tue, Sep 8, 2020, at 13:51, James Cassell wrote:
On Tue, Sep 8, 2020, at 11:12 AM, Neal Gompa wrote:
On Fri, Sep 4, 2020 at 1:10 PM Brian Stinson brian@bstinson.com wrote:
While we want signed repodata to be *available* to folks who want to enable it, we don’t want it necessarily to be the default for all users. We want it to be a decision that folks make for their own sites.
This is a very bizarre stance to take. Enabling repo_gpgcheck for the CentOS provided repos in their repo files should not harm anything else, and only further ensures the integrity of the repository content.
Is there a compelling reason to *not* change the defaults? Because from my perspective, I don't see any.
The only reason might be to prevent breaking folks who regenerate the repomd locally. Not sure whether pulp preserves the original md or regenerates its own. (I always use exactly the upstream repomd for precisely this reason of avoiding breaking repo_gpgcheck, which is often on "security hardening" checklists.)
V/r, James Cassell
--
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
CentOS-devel mailing list
CentOS-devel@centos.org
https://lists.centos.org/mailman/listinfo/centos-devel
There's also the fact that we make a reasonable effort to keep the repodata signatures up to date, but every signature we make is done by hand. We put our focus on delivering the bits, and delays on a repodata signature or two have been known to happen (I think I'm personally on top of the leaderboard for pushing repos before signatures by mistake, so apologies here inline for that).
Even if we were perfect, though, this is an extra part of the client/mirror relationship to troubleshoot and it seems to me that burden is best placed on folks who affirmatively know that they need this functionality.
--Brian
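
An added example, not part of the thread or of any CentOS tooling: a Python check of the kind a hardening checklist might run, listing enabled repositories that verify package signatures but leave `repo_gpgcheck` off. The sample files and function names are constructed for illustration, and the fallback defaults assumed are dnf's documented ones (`gpgcheck` and `repo_gpgcheck` off, `enabled` on).

```python
import configparser

TRUE_VALUES = {"1", "yes", "true", "on"}  # boolean spellings dnf accepts

# Constructed sample input, not the contents of any shipped CentOS file.
SAMPLE_DNF_CONF = "[main]\ngpgcheck=1\n"
SAMPLE_REPO_FILE = """\
[baseos]
name=Example BaseOS
enabled=1

[appstream]
name=Example AppStream
enabled=1
gpgcheck=1
repo_gpgcheck=yes

[extras]
name=Example Extras
enabled=0
"""

def _parse(text):
    # interpolation=None so '%' in real repo files is not treated specially
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text)
    return parser

def audit_repo_gpgcheck(dnf_conf_text, repo_file_text):
    """Map each enabled repo id to its effective gpgcheck / repo_gpgcheck flags."""
    conf = _parse(dnf_conf_text)
    # Options set in [main] are inherited by repos that do not override them.
    inherited = dict(conf["main"]) if conf.has_section("main") else {}
    repos = _parse(repo_file_text)
    result = {}
    for repo_id in repos.sections():
        def flag(key, builtin, section=repos[repo_id]):
            raw = section.get(key, inherited.get(key, builtin))
            return raw.strip().lower() in TRUE_VALUES
        if flag("enabled", "1"):
            result[repo_id] = {"gpgcheck": flag("gpgcheck", "0"),
                               "repo_gpgcheck": flag("repo_gpgcheck", "0")}
    return result

def repos_without_signed_metadata(dnf_conf_text, repo_file_text):
    """Enabled repos whose repodata signature is not checked."""
    audit = audit_repo_gpgcheck(dnf_conf_text, repo_file_text)
    return sorted(r for r, flags in audit.items() if not flags["repo_gpgcheck"])

if __name__ == "__main__":
    print(repos_without_signed_metadata(SAMPLE_DNF_CONF, SAMPLE_REPO_FILE))
```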