Verily I say unto thee, that Seth Vidal spake thusly:
> On Wed, 18 Nov 2009, nodata wrote:
>> This is a major change. I vote for secure by default.
>>
>> If the admin wishes this "surprise-root" feature to be enabled he
>> can enable it.
>
> I'm not sure how this is 'surprise root'. It will only allow installs
> of pkgs signed with a key you trust from a repo you've set up.
>
> which pretty much means: if the admin trusts the repo, then it is
> okay.

You mean a trusted repo like this (serious question)?:

[quote]
Last week we discovered that some Fedora servers were illegally accessed. The intrusion into the servers was quickly discovered, and the servers were taken offline.
...
One of the compromised Fedora servers was a system used for signing Fedora packages. However, based on our efforts, we have high confidence that the intruder was not able to capture the passphrase used to secure the Fedora package signing key.
[/quote]

https://www.redhat.com/archives/fedora-announce-list/2008-August/msg00012.html

Did the review process for this fundamental change in Fedora's security consider the impact of what could easily have been a serious compromise to the primary repos?

Combine a potential worst-case outcome in the above incident, with root privileges to unauthorised users installing or upgrading packages, and the result is a disaster on several levels, not least of which is the PR impact for Red Hat.

Will someone at Fedora start taking this issue seriously soon?

--
Regards,
Keith G. Robertson-Turner

--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list