[CentOS] yum/RPM and Trust on First Use

Sun Dec 20 22:28:30 UTC 2015
Gordon Messmer <gordon.messmer at gmail.com>

On 12/20/2015 12:44 PM, Alice Wonder wrote:
> The point I'm trying to make though is that yum could benefit from the
> ability to verify the fingerprint in a key it is importing matches a
> DNS query for the user and domain the key claims to be for.

I think we understand your point.  The solution that you're proposing 
guards the system against compromise from data that's already in /etc. 
In my mind, that's too late.  An attacker that can put data in /etc can 
overcome any protections you put in place.  I agree with you that 
packages should never be installed by rpm over http/ftp, because there's 
no signature verification in that case. But yum isn't involved in that, 
so I can't see a rational case for modifying yum to protect the system 
after you install an untrusted rpm.  It sounds like you're trying to 
close the barn door after the horses have already left.

In any case, development of yum has ended.  It's been replaced by dnf. 
And this is the wrong place to discuss improvements to either.  CentOS 
is a rebuild of Red Hat and nothing more. Improvements need to happen 
further upstream.