On Thu, 2008-06-12 at 00:43 +0100, Simon Wilkinson wrote:
> And, ultimately, if the packages are getting signed without any form
> of checks, do either of the latter two actually offer any more
> security than the first?

Sure, there's the risk of someone gaining (or keeping) a copy of a private key they shouldn't have access to (any more) or using a key in a way they shouldn't. There's also the risk of someone placing a malicious package in a yum repository I'm using (or spoofing the HTTP server).

The RPM GPG signing system is far from perfect but as long as I insist on always using it then at least someone with a malicious package would have to do both of the above to get the package into my machine. That's why I think I raise the bar a bit by refusing to add any repository with gpgcheck=0.

This situation does make me wonder if perhaps it's time to start looking at how to improve or replace the RPM security system but I still think it's helpful in its current form.

One can always still choose to make a local mirror and re-sign the packages with some other key or just continue with gpgcheck=0 even if you start signing them with some more or less secure automatic system.

Still, I do understand the reasons why you might hesitate to publish a public key this way.

/abo

_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
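Added example, not part of the original message or of any project's code: a small audit that applies the "no repository with gpgcheck=0" rule to yum `.repo` file contents. The repo ids and URLs in `SAMPLE` are constructed, and `main_gpgcheck` is an assumed parameter standing for the `gpgcheck` value in the `[main]` section of `yum.conf`, which a repository inherits when it does not set its own.

```python
import configparser

TRUTHY = {"1", "yes", "true", "on"}

def as_bool(value):
    return value.strip().lower() in TRUTHY

def unsigned_repos(repo_text, main_gpgcheck=False):
    """Return (repo_id, reason) for every enabled repo whose packages
    would be installed without an RPM signature check."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(repo_text)
    findings = []
    for repo_id in cp.sections():
        sec = cp[repo_id]
        if repo_id == "main" or not as_bool(sec.get("enabled", "1")):
            continue  # [main] is not a repo; disabled repos are skipped
        if "gpgcheck" in sec:
            if not as_bool(sec["gpgcheck"]):
                findings.append((repo_id, "gpgcheck explicitly disabled"))
        elif not main_gpgcheck:
            # No per-repo setting: the [main] value decides.
            findings.append((repo_id, "gpgcheck unset, [main] value is off"))
    return findings

# Constructed sample input (hypothetical repositories).
SAMPLE = """\
[base]
name=Base
baseurl=http://mirror.example/base/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[thirdparty]
name=Third party
baseurl=http://repo.example/el5/
gpgcheck=0

[inherits]
name=No explicit setting
baseurl=http://repo.example/extra/

[off]
name=Disabled
baseurl=http://repo.example/off/
enabled=0
gpgcheck=0
"""

if __name__ == "__main__":
    for repo_id, reason in unsigned_repos(SAMPLE):
        print(f"{repo_id}: {reason}")
```

On a real host the same function can be fed the text of each file under `/etc/yum.repos.d/`, with `main_gpgcheck` taken from `yum.conf`.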
