[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New Key Repo Locations



Warren Togami wrote:
> Matt Domsch wrote:
>> On Sat, Aug 30, 2008 at 07:46:31PM +0300, Axel Thimm wrote:
>>> On Fri, Aug 29, 2008 at 02:56:38PM -0400, Jon Stanley wrote:
>>>> We're using MM to redirect ALL requests for the old repo location to
>>>> mirrors that we have ultimate control over.
>>> I don't think that's true, see [1] for 64 mirrors that are suggested
>>> for my location that are certainly not under Red Hat/Fedora control,
>>> actually it looks like none is.
>>
>> that's the plan, it's not implemented yet.  In fact, I'll probably
>> just do it with plain HTTP redirects in an httpd.conf file rather than
>> special-case it in MM.
>>
> 
> http://lists.fedoraproject.org/pipermail/rel-eng/2008-August/001627.html
> Matt, you are misunderstanding the plan.  No redirections are necessary
> at any level of this plan.
> 
Warren, I think we need to add redirection as step 6.1.

If we don't lock out mirrors that we don't control at that stage,
there's nothing to prevent the following scenario::

Person with the key has brute forced passphrase and compromises mirror.
 uploads packages signed with old key to the F-9 repo on the old mirror.
 Among other things these packages subvert yum so that it will only
update from compromised mirrors and removes the new key from the
NEWREPO.  User downloads F-9 ISO.  Installs F-9 with old key as valid.
User hits the compromised mirror on first yum update and installs
compromised packages.

-Toshio

Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]