Once upon a time, Matthias Clasen <mclasen@xxxxxxxxxx> said: > On Tue, 2009-02-24 at 08:18 -0600, Chris Adams wrote: > > If I'm reading the policy right, users can change PackageKit proxy > > settings and force a refresh of metadata. How much has PackageKit's > > (and yum's) code been audited for security? If I can point it at a > > proxy and force it to download data, how secure is it against attack > > (e.g. via corrupted data)? > > Can we please try to stay realistic here. > We are talking about default settings for a desktop system, where users > are expected to be able to update their systems. What is unrealistic about possible security attacks on the system? Actually updating the system requires root access; why do changing the proxy server and refreshing metadata not? -- Chris Adams <cmadams@xxxxxxxxxx> Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble. -- fedora-test-list mailing list fedora-test-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-test-list