On Thu, Jul 23, 2009 at 07:04:57PM -0700, Kelvin Raywood wrote:
> Connie Sieh wrote:
> >>The yum-conf should have been updated automatically unless it has been
> >>changed and in that case the .rpmnew was made.
>
> Yes. This is the whole point. If you have modified the .repo files to
> enable signature checking, then your .repo files will not automatically
> get the path to the new key. Thus packages in the repo signed with the
> new key cause updates to fail.

From the security side, I think it is good that the attempt to automatically
change the SL keys had failed.

Just think - what if instead of good Connie, these were evil hackers who
broke into the SL master repository and pushed a trojan yum config
package with trojan gpg keys. They would own every SL machine everywhere,
overnight.

Perhaps the changing of a master signature is a very significant event
that has to be handled manually. (think "checks and balances").

-- 
Konstantin Olchanski
Data Acquisition Systems: The Bytes Must Flow!
Email: olchansk-at-triumf-dot-ca
Snail mail: 4004 Wesbrook Mall, TRIUMF, Vancouver, B.C., V6T 2A3, Canada
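
The manual review step discussed in this thread can start from a list of which locally modified .repo files have a packaged .rpmnew that names a GPG key the active file does not. The script below is an added example, not part of the original messages or of Scientific Linux; the function names, the `sl.repo` file name and the `KEY-old`/`KEY-new` paths are constructed for illustration.

```shell
#!/bin/sh
# Report yum repo files whose packaged replacement (.rpmnew) references
# GPG keys that the locally modified file in use does not.

# Print the gpgkey= values of one .repo file, one per line.
repo_keys() {
    awk '
        function emit(   i, n, parts) {
            n = split($0, parts, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (parts[i] != "") print parts[i]
        }
        /^[ \t]*gpgkey[ \t]*=/ { sub(/^[^=]*=/, ""); inkey = 1; emit(); next }
        inkey && /^[ \t]+[^ \t#]/ { emit(); next }  # indented continuation line
        { inkey = 0 }
    ' "$1" | sort -u
}

# For each FILE.repo with a FILE.repo.rpmnew beside it, list the keys that
# only the .rpmnew names. Directory argument defaults to /etc/yum.repos.d.
pending_key_changes() {
    dir=${1:-/etc/yum.repos.d}
    for new in "$dir"/*.repo.rpmnew; do
        cur=${new%.rpmnew}
        [ -f "$new" ] && [ -f "$cur" ] || continue
        cur_keys=$(repo_keys "$cur")
        repo_keys "$new" | while IFS= read -r key; do
            printf '%s\n' "$cur_keys" | grep -Fxq -- "$key" ||
                printf '%s: missing key %s\n' "${cur##*/}" "$key"
        done
    done
}

# Constructed sample: an admin-edited repo file and the packaged update.
demo() {
    d=$(mktemp -d)
    printf '[base]\ngpgcheck=1\ngpgkey=file:///etc/pki/rpm-gpg/KEY-old\n' > "$d/sl.repo"
    printf '[base]\ngpgcheck=0\ngpgkey=file:///etc/pki/rpm-gpg/KEY-old\n file:///etc/pki/rpm-gpg/KEY-new\n' > "$d/sl.repo.rpmnew"
    pending_key_changes "$d"
    rm -rf "$d"
}

if [ $# -gt 0 ]; then pending_key_changes "$1"; else demo; fi
```

The script only reports the difference; whether the new key is trusted is still decided by checking it against a source other than the repository that delivered it.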
