On Sun, 2015-12-20 at 12:44 -0800, Alice Wonder wrote: > RPM has ability to install a package over the network. > > rpm -i ftp://example.org/foo-2.2.noarch.rpm Thanks for the new knowledge. > The point I'm trying to make though is that yum could benefit from > the ability to verify the fingerprint in a key it is importing > matches a DNS query for the user and domain the key claims to be for. > > Regardless of how the package was retrieved, this could prevent > dishonest trojan keys from being imported, especially if DNSSEC > validated the DNS query. How widespread is the problem of unknowingly importing compromised software ? -- Regards, Paul. England, EU. England's place is in the European Union. _______________________________________________ CentOS mailing list CentOS@xxxxxxxxxx https://lists.centos.org/mailman/listinfo/centos
Re: yum/RPM and Trust on First Use
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: yum/RPM and Trust on First Use
- From: Always Learning <centos@xxxxxxxxxxx>
- Date: Sun, 20 Dec 2015 21:28:27 +0000
- Delivered-to: centos@xxxxxxxxxx
- In-reply-to: <5677132C.7070909@domblogger.net>
- Follow-Ups:
- Re: yum/RPM and Trust on First Use
- From: Alice Wonder
- Re: yum/RPM and Trust on First Use
- References:
- yum/RPM and Trust on First Use
- From: Alice Wonder
- Re: yum/RPM and Trust on First Use
- From: Gordon Messmer
- Re: yum/RPM and Trust on First Use
- From: Alice Wonder
- Re: yum/RPM and Trust on First Use
- From: Gordon Messmer
- Re: yum/RPM and Trust on First Use
- From: Ned Slider
- Re: yum/RPM and Trust on First Use
- From: John R Pierce
- Re: yum/RPM and Trust on First Use
- From: Alice Wonder
- yum/RPM and Trust on First Use
- Prev by Date: Power Management
- Next by Date: Re: Power Management
- Previous by thread: Re: yum/RPM and Trust on First Use
- Next by thread: Re: yum/RPM and Trust on First Use
- Index(es):
 |