[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: YUM security issues...



On 25 July 2008, Matt Domsch wrote:
> 
> Yes, this is a known challenge with subnet delegation in
> MirrorManager.  We're trusting package signing (and soon, repodata
> signing) to prevent rogue mirrors from issuing unsigned data.  In
> addition, I'm working on adding in a way to prevent stale mirrors
> (with signed content) from being used.
> 

How does one get this subnet delegation though?  Can I request any subnet I
want, or do we do some sort of verification?

What happens if the client decided its mirror is bad, I presume it will go
off and find a better one, even with delegation?

Thanks.

-- 
    JB


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]