[Yum] Yum security issues
Jim Perrin
perrin at ohio.edu
Sat Oct 4 18:49:57 UTC 2003
I've been following the security thread here for a while, though I probably
did jump in somewhere during the middle of the whole thing. It seems that
there are good and bad points to nearly every suggestion, which is perfectly
normal, but what exactly are the goals going to be?
At this point, the biggest boost to yum security I see can come from 3 areas:
1. Modular configs (already in the works. thanks guys)
2. Authenticated repositories accessible via https
3. A method of configuring which packages come from what repositories
(maybe comps.xml style).
I really don't see a huge boost from gpg sigs at this point because you
could still get a gpg signed package from a 3rd party repository capable of
ruining your system. Let's face it, unless you build it yourself, you're
really at the mercy of the packager.
Anyway, that's just my random $0.02. Next email I'll try to put my question
at the end of the blathering instead of the beginning.
--
Jim P.
"These days, there are far too many obstacles between stupidity and natural
selection"