Summary: FTP/NFS install/upgrade is unsafe, should check GPG signatures.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998

------- Additional Comments From nman64@xxxxxxxxx 2006-04-24 22:27 EST -------

My thoughts:

1. Chicken-and-egg: What can you trust?

At some point, people just have to apply a certain degree of faith. As long as there is a complete chain of cryptographic signatures, we simply have to provide a single trusted source. That source would most likely be the websites, where we already have SHA1 checksums provided. Users must simply be able to have faith in our websites.

2. Chain formation:

* We provide checksums for the images on the websites.
* When creating repository configurations for yum, we provide GPG key locations.
* We provide key fingerprints for our repositories on the websites.
* We place configurations and keys for regular repositories on the install media.
* Anaconda asks for additional repository information at install time.
* During the installation, missing GPG keys are downloaded *before* installation.
* The downloaded key fingerprints are presented to the user by Anaconda.
* The user can compare fingerprints to those from the websites.
* Third-party repositories can provide the same information.
* The user has an opportunity to approve or refuse each key.
* Anaconda asks the user whether or not to trust unsigned or unverified packages.
* Anaconda uses yum to download the packages and verify signatures.

Am I missing anything?
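The trust chain sketched in the comment above (published checksum verifies the image, published fingerprint verifies a downloaded key, the user approves or refuses, mismatches are never overridable) can be modelled in a few functions. The following is an added example written for this page, not code from the bug report, from Anaconda or from yum; the image bytes, the checksum file and the key fingerprints it uses are constructed placeholders, and the function names are assumptions.

```python
import hashlib
import hmac
import re

# Constructed sample data (not real Fedora artifacts): a tiny stand-in for an
# install image and the sha1sum-style file a website would publish for it.
IMAGE_BYTES = b"constructed sample install image contents\n"
WEBSITE_SHA1SUMS = (
    hashlib.sha1(IMAGE_BYTES).hexdigest() + "  boot.iso\n"
    "0000000000000000000000000000000000000000  other.iso\n"
)

# Constructed placeholder fingerprints "published on the website", keyed by
# repository name. Real repository fingerprints would come from the project.
WEBSITE_FINGERPRINTS = {
    "base": "1234 5678 9ABC DEF0 1234  5678 9ABC DEF0 1234 5678",
}


def parse_sha1sums(text):
    """Parse sha1sum-style lines ('<40 hex>  <name>') into {name: hexdigest}."""
    sums = {}
    for line in text.splitlines():
        m = re.match(r"^([0-9a-fA-F]{40})\s+\*?(\S+)$", line.strip())
        if m:
            sums[m.group(2)] = m.group(1).lower()
    return sums


def verify_image(name, data, sums_text):
    """Step 1 of the chain: the downloaded image matches the published checksum."""
    expected = parse_sha1sums(sums_text).get(name)
    if expected is None:
        return False  # no published checksum means nothing to anchor trust on
    actual = hashlib.sha1(data).hexdigest()
    # compare_digest avoids leaking how many leading characters matched
    return hmac.compare_digest(actual, expected)


def normalize_fingerprint(fp):
    """Strip spacing and case so '1234 5678 ...' and '12345678...' compare equal."""
    return re.sub(r"[^0-9A-F]", "", fp.upper())


def fingerprint_matches(downloaded, published):
    """Step 2: the fingerprint of a downloaded key equals the published one."""
    a = normalize_fingerprint(downloaded)
    b = normalize_fingerprint(published)
    # a full GPG fingerprint is 40 hex digits; refuse short or partial matches
    return len(a) == 40 and len(b) == 40 and hmac.compare_digest(a, b)


def evaluate_repository(repo, downloaded_fp, published, user_approves):
    """Step 3: decide 'trusted', 'mismatch' or 'refused' for one repository key.

    A key whose fingerprint is published but does not match is a mismatch
    regardless of user approval; only keys with no published fingerprint
    (e.g. third-party repositories) fall back purely to the user's choice.
    """
    published_fp = published.get(repo)
    if published_fp is not None and not fingerprint_matches(downloaded_fp, published_fp):
        return "mismatch"
    return "trusted" if user_approves else "refused"


def accept_package(signed, key_trusted, allow_unsigned=False):
    """Step 4: a package is installed only if signed by a trusted key,
    unless the user explicitly chose to allow unsigned/unverified packages."""
    if signed and key_trusted:
        return True
    return allow_unsigned


if __name__ == "__main__":
    print("image ok:", verify_image("boot.iso", IMAGE_BYTES, WEBSITE_SHA1SUMS))
    fp = "123456789abcdef0123456789abcdef012345678"
    print("base key:", evaluate_repository("base", fp, WEBSITE_FINGERPRINTS, True))
```

The two points worth keeping from this sketch are that fingerprint comparison must normalise spacing and case before comparing (users copy fingerprints from a web page in whatever grouping it used) and that a published-but-mismatching fingerprint must not be something the "approve this key" prompt can override.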