Re: another upgrade, another disaster

Adam Williamson wrote:
> On Sun, 2012-06-03 at 19:56 +0200, Björn Persson wrote:
> > I also won't install anything that I haven't checked the PGP signature
> > on. That excludes netinst.iso and Preupgrade, and if I use Anaconda I
> > have to be careful to not let it download anything.
> 
> The checksums of the images themselves are signed, and the images are
> built by the same team that controls the process for signing individual
> packages, using a process by which only packages from the Fedora build
> system could possibly be included.
> 
> You can't logically claim to trust the individual packages but not trust
> the signatures on the DVD/netinst images. They are precisely equally
> trustworthy.

Once I have verified the signature on an ISO image I trust the packages and 
other software that is included in that image. If that software downloads more 
packages off the Net, then I don't trust those packages unless the signatures 
on those packages are being verified. Anaconda doesn't verify package 
signatures (bug 998), so I don't trust Anaconda to download packages. 
Preupgrade also didn't verify any signatures last time I checked, so I don't 
trust Preupgrade. Yum, on the other hand, does verify the package signatures, 
so I trust Yum. (I always check that all repositories that are configured with 
"enabled=1" also have "gpgcheck=1". I really hope Yum doesn't ignore that 
setting.)

So the available options are:

· netinst.iso: downloads packages and installs them unverified ⇒ unacceptable

· DVD with the updates repository enabled: downloads packages and installs 
them unverified ⇒ unacceptable

· DVD without the updates repository: installs only packages included in the 
DVD image, which I verified ⇒ OK (at least from a security point of view)

· Yum: downloads packages, verifies them, and then installs them ⇒ OK

· Preupgrade: downloads a kernel, a ramdisk and packages, and installs them 
unverified ⇒ unacceptable

Björn Persson

Attachment: signature.asc
Description: This is a digitally signed message part.

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
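
The manual check described in the message (every repository with "enabled=1" also has "gpgcheck=1") can be automated. The following is an added example, not part of the original post and not Fedora or Yum code. It assumes the usual Yum file layout (/etc/yum.conf plus /etc/yum.repos.d/*.repo), that a repository without its own gpgcheck line inherits the value from [main], and that a repository without an enabled line counts as enabled; the sample configuration is constructed. It audits configuration only and says nothing about whether the tool honours the setting.

```python
import configparser
import glob
import os

TRUE = {"1", "yes", "true"}  # boolean spellings treated as "on" (assumption)

# Constructed sample, not taken from a real system.
SAMPLE = """\
[main]
gpgcheck=0
[fedora]
name=Fedora $releasever - $basearch
enabled=1
gpgcheck=1
[updates]
enabled=1
gpgcheck=0
[thirdparty]
name=no gpgcheck line, so the [main] value applies
enabled=1
[updates-testing]
enabled=0
gpgcheck=0
"""

def _flag(section, key, default):
    value = section.get(key)
    return default if value is None else value.strip().lower() in TRUE

def unverified_repos(text, main_gpgcheck=False):
    """Return ids of enabled repos whose effective gpgcheck is off."""
    # interpolation=None keeps $releasever and % characters literal;
    # strict=False tolerates a section repeated across concatenated files.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    if cp.has_section("main"):
        main_gpgcheck = _flag(cp["main"], "gpgcheck", main_gpgcheck)
    return [name for name in cp.sections() if name != "main"
            and _flag(cp[name], "enabled", True)
            and not _flag(cp[name], "gpgcheck", main_gpgcheck)]

def scan(conf="/etc/yum.conf", repo_dir="/etc/yum.repos.d"):
    """Audit the on-disk configuration (paths are the assumed defaults)."""
    files = [conf] + sorted(glob.glob(os.path.join(repo_dir, "*.repo")))
    parts = []
    for path in filter(os.path.exists, files):
        with open(path) as fh:
            parts.append(fh.read())
    return unverified_repos("\n".join(parts))

if __name__ == "__main__":
    print(unverified_repos(SAMPLE))
```

A non-empty result names the repositories from which packages would be installed without signature verification.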
