Re: [Fwd: Re: How secure is Preupgrade? Answer: Not.]

Will Woods wrote:
> Preupgrade is currently designed to be exactly as secure as an anaconda
> http install. No less, no more.

But it's not being marketed as an alternative to an Anaconda HTTP install with 
less downtime as the only improvement. It's being marketed as a safer 
alternative to a live upgrade with Yum, and as a faster, more convenient and 
less bandwidth-wasting alternative to downloading and burning DVD images. See 
this article for example:

http://www.redhatmagazine.com/2008/04/15/interview-fedora-developers-seth-vidal-and-will-woods/

The article talks a lot about how Preupgrade is better than both a Yum upgrade 
and a DVD-based upgrade, but says very little about network-based Anaconda 
upgrades, and it's completely silent about the security aspect. Here's a 
quote from the article:

"So you can upgrade with the convenience and bandwidth savings of a live 
upgrade, but without the risky craziness inherent therein."

Yeah, it avoids the risky craziness inherent in a Yum upgrade but adds instead 
the crazy riskiness inherent in an HTTP-based Anaconda upgrade. That's no 
improvement in my book. No matter what the risks with a Yum upgrade are, 
getting intruders in my computer is worse.

> Nothing's *missing*. There just aren't any signatures to check for the
> boot images, and there never have been.

For several years now, all my boot images have been included in ISO images. 
Those ISO images have been accompanied by checksum files, and those checksum 
files have been cryptographically signed. I always verify the signature and 
the checksums, and when they're verified correctly I know that all the files 
in the ISO image are clean, including the boot images.

Generating detached signatures for the boot images and putting them in the 
directory where the images are published would take at most five minutes of 
manual work for each release.

> Furthermore anaconda doesn't check the gpg signatures of packages it
> downloads and installs during http installs. Never has. That's bug #998.
> (Yes, #998. Not a typo. See https://bugzilla.redhat.com/998)

Would you like to guess why I never do network-based installs except from my 
own server directly attached with a crossover cable?

Björn Persson

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
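
The check described in this message (verify the signature on the checksum file, then the image's checksum against it), as an added example that is not part of the original post or of Fedora's tooling. It assumes sha256sum-format checksum lines, a detached signature file, and a signing-key fingerprint obtained out of band; all function names are hypothetical.

```python
import hashlib
import hmac
import subprocess
from pathlib import Path


def signer_fingerprint(status_output):
    """Return the last field of gpg's VALIDSIG status line (the primary-key
    fingerprint in current GnuPG), or None if no valid signature was reported."""
    for line in status_output.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[:2] == ["[GNUPG:]", "VALIDSIG"]:
            return fields[-1].upper()
    return None


def signature_ok(data_path, sig_path, pinned_fpr):
    """Verify a detached signature and require that the pinned key made it.
    Pinning matters: gpg alone accepts any key present in the keyring."""
    result = subprocess.run(
        ["gpg", "--batch", "--status-fd", "1", "--verify",
         str(sig_path), str(data_path)],
        capture_output=True, text=True)
    return (result.returncode == 0
            and signer_fingerprint(result.stdout) == pinned_fpr.upper())


def parse_checksums(text):
    """Parse lines of the form '<64 hex digits>  <name>' or '<hex> *<name>'
    (assumed format); anything else is ignored."""
    sums = {}
    for line in text.splitlines():
        digest, sep, name = line.strip().partition(" ")
        if sep and len(digest) == 64:
            sums[name.lstrip(" *")] = digest.lower()
    return sums


def file_matches(path, expected_hex):
    """Hash the file in 1 MiB chunks and compare with the expected digest."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected_hex)


def verify_image(image, checksum_file, sig_file, pinned_fpr):
    """Signature first, then checksum; an image not listed in the signed
    checksum file is rejected rather than passed through."""
    if not signature_ok(checksum_file, sig_file, pinned_fpr):
        return False
    expected = parse_checksums(Path(checksum_file).read_text()).get(Path(image).name)
    return expected is not None and file_matches(image, expected)
```

The same `signature_ok` call covers the detached-signature case for a boot image directly: pass the image as `data_path` and its signature file as `sig_path`.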