> The problem with the current yum installation is that users with less > than my level of paranoia are open to cracking. And Magnus Hedemark says > in another reply on this thread that the duke servers are under heavy > load, so more mirrors may be added to the default config file. In that > case, "normal" users will then be trusting the security not only of the > Duke servers, but all other servers. One mistake, or one evil junior > sysadmin, and Microsoft will have a ball with the resulting publicity. > > In fact, the current approach really reminds me of Microsoft's approach > to security: convenience first, safety later. I would prefer to see > systems which are secure by default, with users *deliberately* having to > weaken security if they want more convenience. We need to set some standards for how to find keys to verify a repository, before we can require checking as the default. If we can figure out how to provide the gpg public keys, sensibly, I'll gladly import them, but as it stands gpg key importing is not trivial, mostly b/c figuring out which keys to trust is difficult. -sv
