Re: fedup: does not verify source

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2012-12-18 at 02:05 +0100, Björn Persson wrote:
> Adam Williamson wrote:
> > On Mon, 2012-12-17 at 11:27 -0500, Przemek Klosowski wrote:
> > > On 12/17/2012 01:58 AM, Adam Williamson wrote:
> > > > fedup essentially automates doing yum distro-sync across a reboot
> > > > and in an isolated environment
> > > 
> > > I don't understand---the discussion started by pointing out that
> > > fedup does not check signatures, then someone said that yum
> > > distro-sync does it properly, and you're saying that fedup just
> > > automates distro-sync. At which point is the signature checking
> > > disabled then? and can it be restored?
> > 
> > anyhow, the tricky thing here lies in somehow making it safe for fedup
> > to *automatically* import the correct key for the next release. This
> > is a subtlish problem.
> 
> There's another thing that also needs to be fixed. If I've understood 
> what I've read correctly, then Fedup downloads a kernel and a ramdisk 
> which make up that isolated environment that Adam mentioned. Those files 
> aren't RPM packages and aren't signed like the packages are. Those who 
> have the secret keys need to start signing the kernel/ramdisk pair, and 
> Fedup needs to verify that signature. Naturally the signature must be 
> verified before the kernel/ramdisk pair is booted.

That, we already have a bug for and it is being worked on, I believe.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux