YUM security issues...

seth vidal skvidal at fedoraproject.org
Mon Jul 28 19:22:59 UTC 2008


On Mon, 2008-07-28 at 14:25 -0400, Jesse Keating wrote:
> On Mon, 2008-07-28 at 12:07 -0500, Matt Domsch wrote:
> > 1. repomd.xml needs to be signed. Either attached or detached sig
> >    (advice sought).  If attached, format would be
> 
> I would prefer a detached sig, so that the checksum of repomd.xml itself
> doesn't change if the GPG sig for it does.  This is important as there
> are control files in the compose to track consistency of the tree
> itself, and having the repomd.xml change its key would invalidate this
> control file.
> 

Detached sig, definitely. Independent of how (or why) this is done we
will maintain backward compat. Signing the repomd.xml directly will not
allow backward compat (nor cross compat with apt/smart/etc).

I've already written the code for the detached sig - it'll be checked
into yum upstream this afternoon.

-sv




