[CentOS] yum/RPM and Trust on First Use

Sun Dec 20 00:54:51 UTC 2015
Alice Wonder <alice at domblogger.net>

On 12/19/2015 10:27 AM, Always Learning wrote:
> On Sat, 2015-12-19 at 09:49 -0800, Alice Wonder wrote:
>> DNS verification solves that issue.
> How reliably safe is that ?
> Crack the DNS access and inflict viruses, trojans etc. with authorised
> impunity ?
> Happy Christmas.

No, if you manage to crack the DNS you can not do anything but a DOS 
attack unless you also managed the get the DNSSEC signing key, which 
does not need (and should not be) to be on the DNS server.

Manage to get the signing key, and the only consequence is the attacker 
can make fraudulent DNS entries that would validate - same as with GPG 
or any other private / public key cryptographic signatures.