[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: YUM security issues...



On Fri, Jul 25, 2008 at 10:43:59AM -0500, Mike McGrath wrote:
> On Fri, 25 Jul 2008, Jesse Keating wrote:
> 
> > On Fri, 2008-07-25 at 10:37 -0500, Mike McGrath wrote:
> > >
> > > AFAIK, this service is still in place and working fine.  Though I am a
> > > little confused about the question.  It sounds like you'd like to direct
> > > all subnet traffic to a specific mirror.  But you're also saying you took
> > > your mirror down.  Are you worried people in your subnet are being
> > > directed to a down mirror?
> >
> > More like taking over a subnet and directing all clients at a rouge
> > mirror.
> 
> <nod> that makes more sense.  Domsch?

Yes, this is a known challenge with subnet delegation in
MirrorManager.  We're trusting package signing (and soon, repodata
signing) to prevent rogue mirrors from issuing unsigned data.  In
addition, I'm working on adding in a way to prevent stale mirrors
(with signed content) from being used.

-- 
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]