[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Why different keys for -testing and non-testing?



On Sat, 2009-01-17 at 10:31 -0500, Steve Grubb wrote:
>  
> I have a machine that has been migrated for a long time. It has 9 
> gpg-pubkey packages installed. Which ones are valid? Why don't they get 
> retired by obsoletes or something? 

We explored these options after the incident.  Last I heard the only
current way this is going to work is if an updated rpm package is
released that has a hardcoded distrust of the keys that might have been
compromised.  However I do believe it's on their roadmap to revamp how
keys are used so that we could revoke or expire keys, regardless of
where they come from.

> Could someone use my ancient gpg-pubkeys 
> as a basis for an attack on repo metadata 
> (http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html) 
> and provide an older package with known security holes? 
> 
> Old keys should be retired. We should also make import of keys an auditable 
> event.

Are not all rpm actions audited?  Importing a key essentially installs
it into the rpm database.

-- 
Jesse Keating
Fedora -- FreedomĀ² is a feature!
identi.ca: http://identi.ca/jkeating

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]