> now fedora and freshrpms are trustworthy folks - but joeblow might not > be or none of their security might be good enough and the default.repo > for joeblows might normally be: While fedora and freshrpms might be trustworthy, DNS is not. This seems like a pretty lucrative target for DNS cache poisoning or DNS spoofing [1], which would allow anyone to take over any machine using this feature and non-gpg signed rpms. This would be a sufficiently scary feature that I'd recommend that no one ever use it. But that doesn't mean it shouldn't exist. In an environment where you can actually trust (1) the DNS servers, (2) the network between you and the DNS servers and (3)the repo servers, you should be okay. Similarly, if DNSSec ever exists, or if you're using gpg, you should be okay. But there should be warnings all over the place not to use the feature unless you understand the implications. Eric. [1] http://www.watchguard.com/glossary/d.asp
