F41 - which image has the most programs?

I am looking into how best to do an install without "trusting" the Internet.

What installation image has the mostest?

How much can I get on the system (need openssl, python stuff, QR code stuff) without connecting to the Internet? After installing the OS, I would add other stuff from a repo on a DVD. It has been YEARS since I built my own repos, but I can probably still find my notes.

This is all to establish a trail of trust for the software on a CA server with all its ports blocked with security table and making a Tamper Evident claim.

Best I can figure out is my sole risk is that the bad guy's code provides the keypair for the certs, rather than the system generating its own.  And this is hard to prove without having a fully trustable system.  At least with a Tamper Evident system, this would have to come from the code initially installed.

There are mitigations I can apply, but they take time to show that bad things happened.

Yes, no updates to the software on a system that is expected to do its job (sign certs) for 10+ years.  The root CA system may be used a couple times a year.  The intermediate auth CA probably also a couple times a year.  The intermediate issuing CA could well be doing 100k signings per day! (see IETF DRIP design for UAS Session IDs).  But it will not use a QR code protocol that requires a human or two, but a USB protocol between it and the UAS Service Provider (USS) registration system.  Only X509 stuff passed over USB (still needs to be speced).

Only the issuing CA is running all the time.  The others are vaulted and only taken out when the camera is recording.

Fun stuff!  The auditors are going to have a field day with me.  I am doing my best that I don't need to spend $100K per CA key signing with them...

