On Mon, 2008-07-28 at 17:37 -0400, Jeremy Katz wrote:
> On Mon, 2008-07-28 at 17:29 -0400, seth vidal wrote:
> > On Mon, 2008-07-28 at 17:28 -0400, Mike McLean wrote:
> > > On Mon, Jul 28, 2008 at 1:07 PM, Matt Domsch <Matt_Domsch@xxxxxxxx> wrote:
> > > > 1. repomd.xml needs to be signed. Either attached or detached sig
> > > > (advice sought). If attached, format would be
> > >
> > > I see a number of good ideas to improve the situation, but I don't
> > > think I've seen anyone suggest the following.
> > >
> > > Would it be feasible to audit the mirror content? We have the list of
> > > mirrors, we know what the content should be. I think we'd only need to
> > > validate the mirrored repomd.xml, right? Doesn't seem too onerous...
> > >
> > > yes, yes, not perfect, malicious mirror could change the content, etc,
> > > but at least we'd have some measure of detection.
> >
> > which is the point. A malicious mirror could safely lie to us and not
> > lie to their targets.
> >
> > Additionally, mirrormanager DOES check the mirrors.
>
> Except, of course, for mirrors which are internal to a specific site and
> thus can't be contacted by MM
>

and if they're evil then the folks involved are screwed anyway.... which,
after all, is why we're in favor of repomd.xml signing

-sv

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list