F19 DVD over size - what to drop?

Florian Weimer fweimer at redhat.com
Mon May 6 07:40:30 UTC 2013


On 05/04/2013 08:03 AM, Chris Adams wrote:
> Once upon a time, Mike Pinkerton <pselists at mindspring.com> said:
>> On 3 May 2013, at 15:07, Chris Adams wrote:
>>> Once upon a time, Mike Pinkerton <pselists at mindspring.com> said:
>>>> Does anaconda check package signatures for the netinstall?
>>>
>>> I believe so.  Checksums are definitely checked (RPM won't install a
>>> corrupt package).
>>
>> Are you sure that signatures are checked?  If so, why this feature?
>
> I thought that feature had been implemented, but the status page only
> shows 5%.  The in-package checksums (along similar lines to the DVD
> media check) are checked, but not the signatures.
>
> However, unless your installer image is signed, checking RPM signatures
> in anaconda is pointless (which is why the feature you mentioned is
> based on Secure Boot).

Unfortunately, Secure Boot does not help here.  I already explained why 
Secure Boot is unusable for boot image verification:

http://lists.fedoraproject.org/pipermail/devel/2013-January/176051.html

Just because something is signed doesn't mean that it's harmless to run.

> Creating a complete chain of trust is hard.

It's relatively easy to avoid trust in the Internet and the Fedora 
mirror network.  It's not entirely trivial because we'd need overrides 
(or ways to inject key material) for additional repositories added with 
Kickstart.

-- 
Florian Weimer / Red Hat Product Security Team