YUM security issues...
Josh Bressers
bressers at redhat.com
Mon Jul 28 17:43:29 UTC 2008
On 28 July 2008, Matt Domsch wrote:
> Seth, James Antill, and I met a week ago to discuss. These are the
> steps we believe are necessary to resolve. I didn't realize this
> hadn't been posted yet.
>
>
> 1. repomd.xml needs to be signed. Either attached or detached sig
> (advice sought). If attached, format would be
>
> <repomd></repomd>
> delimiter / size of above ?
> signature
>
>
> 2. mirrormanager will start using metalinks or something quite like
> that, to publish the repomd.xml file pointers on the various
> mirrors worldwide. This will include typed checksums, a time
> stamp, and a file size, plus the various URL methods and countries
> for the mirrors. (I've been coding this on planes this week).
>
> One challenge here is that the metalink XML format doesn't allow for
> >1 set of attributes for a given file. We would like to include
> attributes for repomd.xml for the last several days, because slightly stale
> mirrors really are OK (pending rsync).
>
> 3. mirrormanager requests will use https.
>
> 4. yum will enable https cert verification and CRL checking. Right now it
> secures the stream but doesn't verify the cert.
>
> 5. yum will grow repomd.xml signature check
>
> 6. yum will grow metalink parsing
>
> 7. fedora-release yum.repos.d/* files will point at the new
> metalink=https://mirrors.fedoraproject.org/metalink?... URL.
>
>
> Seem reasonable?
>
This does seem reasonable. The only question I have is: how often does yum
ask MirrorManager for a new repo.xml file?
This strikes me as a good solution to the problems at hand.
Thanks guys, the work is appreciated.
--
JB
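The client-side checks that steps 2, 4 and 6 of the plan above call for, as an added example in Python; this is not yum's or MirrorManager's code and is not part of the thread. The metalink here is a simplified Metalink 3.0-style document: the <timestamp> element, the <alternates> list holding older repomd.xml generations (one way to carry "the last several days" of attributes that the thread says the format does not allow), the three-day staleness window and the mirror URLs are all assumptions for illustration. The detached-signature check of step 5 is not shown.

```python
"""Added example (not yum or MirrorManager code): check a downloaded
repomd.xml against the typed checksums, size and timestamp a metalink
publishes, and build a TLS context that really verifies the mirrormanager
certificate.  The metalink below is a simplified Metalink 3.0-style document;
the <timestamp> element, the <alternates> list of older repomd.xml
generations, the staleness window and the mirror URLs are assumptions."""
import hashlib
import ssl
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "http://www.metalinker.org/"          # Metalink 3.0 default namespace
MAX_STALENESS = timedelta(days=3)          # assumed: "slightly stale" is OK

# Constructed sample data: the current repomd.xml and yesterday's generation.
SAMPLE_NOW = datetime(2008, 7, 28, 17, 43, 29, tzinfo=timezone.utc)
CURRENT_REPOMD = b"<repomd><revision>1217266800</revision></repomd>\n"
OLD_REPOMD = b"<repomd><revision>1217180400</revision></repomd>\n"


def _verification_xml(data):
    """Typed checksums as the metalink would carry them (constructed)."""
    return ("<verification>"
            f'<hash type="sha1">{hashlib.sha1(data).hexdigest()}</hash>'
            f'<hash type="sha256">{hashlib.sha256(data).hexdigest()}</hash>'
            "</verification>")


def build_sample_metalink(now=SAMPLE_NOW):
    """Constructed metalink for repomd.xml: current generation in <file>,
    one older generation under the assumed <alternates> element."""
    cur_ts = int(now.timestamp())
    old_ts = int((now - timedelta(days=1)).timestamp())
    return f"""<?xml version="1.0" encoding="utf-8"?>
<metalink version="3.0" xmlns="{NS}">
  <files>
    <file name="repomd.xml">
      <timestamp>{cur_ts}</timestamp>
      <size>{len(CURRENT_REPOMD)}</size>
      {_verification_xml(CURRENT_REPOMD)}
      <alternates>
        <alternate>
          <timestamp>{old_ts}</timestamp>
          <size>{len(OLD_REPOMD)}</size>
          {_verification_xml(OLD_REPOMD)}
        </alternate>
      </alternates>
      <resources>
        <url protocol="https" type="https" location="US" preference="100">https://mirror.example.org/fedora/repodata/repomd.xml</url>
        <url protocol="http" type="http" location="DE" preference="90">http://mirror.example.de/fedora/repodata/repomd.xml</url>
      </resources>
    </file>
  </files>
</metalink>"""


def _parse_entry(el):
    """Size, publication time and typed checksums of one repomd.xml generation."""
    return {
        "timestamp": datetime.fromtimestamp(int(el.findtext(f"{{{NS}}}timestamp")),
                                            timezone.utc),
        "size": int(el.findtext(f"{{{NS}}}size")),
        "hashes": {h.get("type").lower(): h.text.strip().lower()
                   for h in el.findall(f"{{{NS}}}verification/{{{NS}}}hash")},
    }


def parse_metalink(xml_text):
    """Return (entries, urls): entries[0] is the current repomd.xml, the rest
    are older generations still acceptable from a slightly stale mirror."""
    if isinstance(xml_text, str):
        xml_text = xml_text.encode("utf-8")
    root = ET.fromstring(xml_text)
    f = root.find(f"{{{NS}}}files/{{{NS}}}file[@name='repomd.xml']")
    if f is None:
        raise ValueError("metalink carries no repomd.xml entry")
    entries = [_parse_entry(f)] + [
        _parse_entry(a) for a in f.findall(f"{{{NS}}}alternates/{{{NS}}}alternate")]
    urls = [u.text.strip() for u in f.findall(f"{{{NS}}}resources/{{{NS}}}url")]
    return entries, urls


def verify_repomd(data, entries, now=SAMPLE_NOW, max_staleness=MAX_STALENESS):
    """Return the metalink entry the downloaded bytes match, or None.

    Size and every typed checksum must match, so a mirror cannot hand out
    altered metadata.  A match against an older generation is accepted only
    inside the staleness window, so a mirror stuck on old metadata cannot
    keep a client from ever seeing newer updates."""
    for entry in entries:
        if len(data) != entry["size"] or not entry["hashes"]:
            continue
        if all(hashlib.new(alg, data).hexdigest() == digest
               for alg, digest in entry["hashes"].items()):
            if now - entry["timestamp"] > max_staleness:
                return None        # known bytes, but too old to trust
            return entry
    return None


def mirrormanager_tls_context(cafile=None, crlfile=None):
    """Context for the https metalink request: chain and hostname verification
    (the thread notes yum encrypted but did not verify), plus a CRL check on
    the leaf when a CRL file is supplied.  Paths are the caller's; with
    cafile=None the system trust store is used."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if crlfile:
        ctx.load_verify_locations(cafile=crlfile)   # PEM CRLs load this way
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


if __name__ == "__main__":
    entries, urls = parse_metalink(build_sample_metalink())
    print("mirrors:", urls)
    print("current accepted:", verify_repomd(CURRENT_REPOMD, entries) is not None)
    print("yesterday accepted:", verify_repomd(OLD_REPOMD, entries) is not None)
    print("tampered accepted:",
          verify_repomd(CURRENT_REPOMD.replace(b"1", b"2"), entries) is not None)
    print("yesterday, checked five days on:",
          verify_repomd(OLD_REPOMD, entries, now=SAMPLE_NOW.replace(month=8, day=2)) is not None)
```

The point of keeping several generations in the metalink is that a mirror a day behind rsync still validates, while a mirror serving metadata outside the window, or metadata that matches no published checksum at all, is refused rather than silently used; the TLS context matters because the metalink itself is only as trustworthy as the https fetch that delivered it.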