I've been following the security thread here for a while, though I probably did jump in somewhere during the middle of the whole thing. It seems that there are good and bad points to nearly every suggestion which is perfectly normal, but what exactly are the goals going to be? At this point, the biggest boost to yum security I see can come from 3 areas 1. Modular configs (already in the works. thanks guys) 2. Authenticated repositories accessible via https 3. A method of configuring which packages come from what repositories.( maybe comps.xml style) I really don't see a huge boost from gpg sigs at this point because you could still get a gpg signed package from a 3rd party repository capable of ruining your system. Lets face it, unless you build it yourself, you're really at the mercy of the packager. Anyway, that's just my random $0.02. Next email I'll try to put my question at the end of the blathering instead of the beginning. -- Jim P. "These days, there are far too many obstacles between stupidity and natural selection"
