Re: deltarpm usefulness?

On Mon, 8 Nov 2021 at 05:17, Samuel Sieb <samuel@xxxxxxxx> wrote:
>
> On 11/8/21 01:23, Demi Marie Obenour wrote:
> > On 11/7/21 12:15 AM, Sumit Bhardwaj wrote:
> >> It is not always about speed. There are still plenty of places in the world
> >> where people are on limited data plans and to them using delta rpms makes a
> >> lot of sense. They can work with slow speeds but not with high data
> >> expenses. So I feel turning it on by default and having a setting to turn
> >> it off is still a sane choice. Just my 2 cents.
> >>
> >>
> >> Regards,
> >> Sumit Bhardwaj
> >
> > I recommend that deltarpms be disabled by default as they increase attack
> > surface.  Users who need deltarpms to be enabled can turn them on manually.
> > In the future, deltarpms should be cryptographically signed, which would
> > mitigate these concerns.
>
> This has been discussed before.  The deltarpms don't need to be signed,
> it's irrelevant.  The resulting rpm is signed and the signature is
> checked before installing.

It isn't always irrelevant. The case which worries me is where the
attacks are on the tool which tries to make the RPM from the contents
on the disk and the deltarpm. In this case the tool has to have root
level access to reconstruct the original rpm and then apply the
deltarpm to it. Currently it must assume that the deltarpm is valid
until proven otherwise and so is going through untrustable data. This
is a place where anyone wanting to attack people who use Qubes is
most likely to focus on. [And yes that is a downstream but these sorts
of attackers are going to shotgun their attack in a way which hits
upstream also.]


-- 
Stephen J Smoogen.
Let us be kind to one another, for most of us are fighting a hard
battle. -- Ian MacClaren
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
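
Added example, not part of the thread and not deltarpm's own code: a sketch of the ordering issue discussed above. With only the rebuilt result checked, a tampered delta is parsed in full before it is rejected; with the delta itself authenticated, it is refused before the parser reads a byte. The record format, all names, and the use of an HMAC in place of a real signature are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

class Rejected(Exception):
    """Raised when a delta or the rebuilt output is refused."""

def apply_delta(old, delta, stats):
    """Toy delta (constructed format, not the real deltarpm layout): records of
    op(1) | length(4), then offset(4) for op 0 = copy from old, or literal bytes for op 1."""
    out, pos = bytearray(), 0
    while pos < len(delta):
        if len(delta) - pos < 5:
            raise Rejected("truncated record header")
        op, length = struct.unpack_from(">BI", delta, pos)
        pos += 5
        if op == 0 and len(delta) - pos >= 4:
            (off,) = struct.unpack_from(">I", delta, pos)
            pos += 4
            if off + length > len(old):
                raise Rejected("copy outside old data")
            out += old[off:off + length]
        elif op == 1 and length <= len(delta) - pos:
            out += delta[pos:pos + length]
            pos += length
        else:
            raise Rejected("bad or truncated record")
        stats["parsed"] = pos  # untrusted bytes consumed so far
    return bytes(out)

def rebuild_then_verify(old, delta, want_sha256, stats):
    """Flow in the thread: parse first, authenticate only the rebuilt result."""
    new = apply_delta(old, delta, stats)
    if not hmac.compare_digest(hashlib.sha256(new).hexdigest(), want_sha256):
        raise Rejected("rebuilt data does not match the trusted digest")
    return new

def verify_then_rebuild(old, delta, tag, key, want_sha256, stats):
    """Authenticated delta: refuse before the parser reads a byte."""
    if not hmac.compare_digest(hmac.new(key, delta, "sha256").digest(), tag):
        raise Rejected("delta failed authentication")
    return rebuild_then_verify(old, delta, want_sha256, stats)

# Constructed sample data.
OLD = b"hello old payload"
DELTA = struct.pack(">BII", 0, 5, 0) + struct.pack(">BI", 1, 4) + b" new"
KEY = b"constructed-demo-key"  # HMAC stands in for a real signature
TAG = hmac.new(KEY, DELTA, "sha256").digest()
WANT = hashlib.sha256(b"hello new").hexdigest()
```

The `stats["parsed"]` counter is the point of comparison: it records how much unauthenticated input the parser handled before each flow reached its decision.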



