Re: Summary/Minutes for Wednesday's FESCo meeting (2012-12-05)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Wed, Dec 05, 2012 at 03:20:14PM -0500, Bill Nottingham wrote:

> * 960 - F18 schedule + the holidays  (notting, 18:50:29)
>   * LINK: https://fedoraproject.org/wiki/JaroslavReznik/FedupF18Final -
>     not updated yet  (jreznik, 18:58:15)

>   * AGREED: Do not block on fedup signature checking (not a regression)
>     (+:7, -:0, 0:0)  (notting, 19:08:47)

how is not providing a supported way to do secure upgrade of Fedora not
a regression? It is a big disappointment that Fedora is more and more
turning its back on security. If I remember correctly, Fedora was one of
the leading distributions providing and using signed packages. But with
time this is more and more invalidated and people are more and more
expected to install unsigned packages or not to verify them.  At least
back in 2010 malicious mirrors were still acknowledged as a security
risk for Fedora users and signed packages were mentioned as a counter
measure:
https://fedoraproject.org/wiki/Mirror_manager_security_risks
How come it became less important now? Actually it is even easier to
attack users as more and more mobile devices are used. And what is even
worse, the whole problem of not verifying packages on upgrade or the
upgrade image itself is not even prominently communicated. There is
nothing in the release notes about this:
http://docs.fedoraproject.org/en-US/Fedora/18/html/Release_Notes/sect-Release_Notes-Changes_for_Sysadmin.html#idm32350976

I am very disappointed about this and I think this this a bad decission.
:-(

Regards
Till
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux