[Yum] yum's awesome, ideas

seth vidal skvidal at phy.duke.edu
Wed Jul 30 20:58:10 UTC 2003


On Wed, 2003-07-30 at 16:48, Aleksander Demko wrote:
> On Wed, 2003-07-30 at 15:22, seth vidal wrote:
> > well if its going to import the key for you what's the point of having
> > it on? an attacker can just trojan the key, right?
> > 
> > I could definitely see a point in having a default key listed that yum
> > will import if it can - but how do you do that safely?
> 
> Well, if you want to be completely secure, then yeah, you have to follow
> the usual public key crypto guidelines. Either get the key directly from
> the source, over a 100% secure connection or get the key signed by a
> party already in your trust ring. I think both aren't very feasible for
> the average user/organization. The process needs to be boot strapped
> some how -- perhaps a key server, but then that could be spoofed too.
> 
> But I guess RH decided to compromise, in the name of user friendliness,
> as this is exactly what up2date does. Of course up2date only talks to
> their servers so unless spoofed, a mis-matched key would be soon
> discovered.


Well it's not so much I want to be 'completely secure' - there is no
such thing - I just want to be relatively sanely secure.

what that entails I'm not certain of - so until I find an answer I'm
comfy with I'd rather not give people a by-default false sense of
security and raise the difficulty of getting started.

-sv





More information about the Yum mailing list