another upgrade, another disaster
bjorn at xn--rombobjrn-67a.se
Mon Jun 4 20:55:17 UTC 2012
Adam Williamson wrote:
> On Sun, 2012-06-03 at 19:56 +0200, Björn Persson wrote:
> > I also won't install anything that I haven't checked the PGP signature
> > on. That excludes netinst.iso and Preupgrade, and if I use Anaconda I
> > have to be careful to not let it download anything.
> The checksums of the images themselves are signed, and the images are
> built by the same team that controls the process for signing individual
> packages, using a process by which only packages from the Fedora build
> system could possibly be included.
> You can't logically claim to trust the individual packages but not trust
> the signatures on the DVD/netinst images. They are precisely equally
Once I have verified the signature on an ISO image I trust the packages and
other software that is included in that image. If that software downloads more
packages off the Net, then I don't trust those packages unless the signatures
on those packages are being verified. Anaconda doesn't verify package
signatures (bug 998), so I don't trust Anaconda to download packages.
Preupgrade also didn't verify any signatures last time I checked, so I don't
trust Preupgrade. Yum, on the other hand, does verify the package signatures,
so I trust Yum. (I always check that all repositories that are configured with
"enabled=1" also have "gpgcheck=1". I really hope Yum doesn't ignore that
So the available options are:
· netinst.iso: downloads packages and installs them unverified ⇒ unacceptable
· DVD with the updates repository enabled: downloads packages and installs
them unverified ⇒ unacceptable
· DVD without the updates repository: installs only packages included in the
DVD image, which I verified ⇒ OK (at least from a security point of view)
· Yum: downloads packages, verifies them, and then installs them ⇒ OK
· Preupgrade: downloads a kernel, a ramdisk and packages, and installs them
unverified ⇒ unacceptable
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 190 bytes
Desc: This is a digitally signed message part.
More information about the devel