[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: yum.conf shipped with 1.0



On Tue, 28 Oct 2003, Dave Jones wrote:

> On Tue, Oct 28, 2003 at 05:07:11AM -0500, Alan Cox wrote:
> 
>  > 	update-daemon	queries DNS to get a TXT value to the 'current'
>  > 			bittorrent seed set (DNS is a nice scalable 
>  > 			mechanism to distribute the regularly queried info)
> 
>             + check gpg signature of signed TXT ?
> 
> Would this be sufficient against the possibilities of DNS poisoning?

As long as packages themselves are always signed, DNS attacks don't really 
matter, since Trojans will be caught anyway

later,
chris

who's well aware that packages aren't always signed, however ;-)




[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]