[CentOS-devel] Point yum repos to centos gpg key in /etc/pki/
Daniel de Kok
me at danieldk.orgSat May 10 14:35:54 UTC 2008
- Previous message: [CentOS-devel] Point yum repos to centos gpg key in /etc/pki/
- Next message: [CentOS-devel] Package submission: thunar-thumbnailer
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
2008/2/25 Peter Kjellstrom <cap at nsc.liu.se>: > We have to assume that the install the user has is intact and uncompromised. > Why? Well, if it has been compromised in any way then not only could it > contain a malicious /etc/pki, it could of course have different gpgkey= lines > in the .repo files... Or a modified yum or RPM that only appears to do verification. I agree that we should at the very least suppose that the user verifies the installation media. As for DNS poisoning or hacking, that misery can potentially happen to everyone, and a good manner to guard against this is relying on the pre-installed key from media that was proven to be correct. So, I think this should be the default behavior. Take care, Daniel
- Previous message: [CentOS-devel] Point yum repos to centos gpg key in /etc/pki/
- Next message: [CentOS-devel] Package submission: thunar-thumbnailer
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS-devel mailing list