Re: Why different keys for -testing and non-testing?

On Sat, 17 Jan 2009, Steve Grubb wrote:

On Saturday 17 January 2009 11:59:09 am Jesse Keating wrote:
We should also make import of keys an auditable event.

Are not all rpm actions audited?

No. What I'm talking about is perhaps defining a specific audit event type
that would signify that a key was imported and where it came from. I've seen
cases where rpm tries to download keys from the network. This is one of the
few security sensitive actions that is not put into the audit system.

FWIW, rpm >= 4.6 will never try to download keys from the network unless explicitly told to do so with --import. Only 4.4.x has the "feature" to automatically try and fetch unknown keys from public keyservers, and from 4.4.2.1 onwards that's disabled by default (and every vendor has disabled it in their packages for affected versions anyway).

	- Panu -

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
