[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: YUM security issues...



Seth, James Antill, and I met a week ago to discuss.  These are the
steps we believe are necessary to resolve.  I didn't realize this
hadn't been posted yet.


1. repomd.xml needs to be signed. Either attached or detached sig
   (advice sought).  If attached, format would be

<repomd></repomd>
delimiter / size of above ?
signature


2. mirrormanager will start using metalinks or something quite like
   that, to publish the repomd.xml file pointers on the various
   mirrors worldwide.  This will include typed checksums, a time
   stamp, and a file size, plus the various URL methods and countries
   for the mirrors. (I've been coding this on planes this week).

One challenge here is that the metalink XML format doesn't allow for
>1 set of attributes for a given file.  We would like to include
attributes for repomd.xml for the last several days, because slightly stale
mirrors really are OK (pending rsync).

3. mirrormanager requests will use https.

4. yum will enable https cert verification and CRL checking.  Right now it
   secures the stream but doesn't verify the cert.

5. yum will grow repomd.xml signature check

6. yum will grow metalink parsing

7. fedora-release yum.repos.d/* files will point at the new
   metalink=https://mirrors.fedoraproject.org/metalink?... URL.


Seem reasonable?

-- 
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux
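Added example, not code from the thread above and not yum's or mirrormanager's own implementation: a sketch of steps 2, 4 and 6 of the plan. It parses a metalink for repomd.xml, keeps the current checksum/size/timestamp set plus any older sets still within a freshness window (the "slightly stale mirrors are OK" case), verifies a downloaded repomd.xml against whichever set it matches, and builds the TLS context that step 4 calls for. Everything in it is constructed: the metalink layout uses Metalink 3.0 elements plus an assumed mm:alternates extension under a made-up namespace to carry the older sets, the mirror URLs and repomd.xml contents are sample data, and the function names are the author's. The repomd.xml signature check from step 5 is not shown, since it needs a gpg call.

```python
"""Added example, not code from the thread or from yum/mirrormanager.
Metalink parsing with several accepted checksum sets, repomd.xml
verification, and the HTTPS context for the mirrormanager request."""
import hashlib
import ssl
import xml.etree.ElementTree as ET

ML = "{http://www.metalinker.org/}"        # Metalink 3.0 namespace
MM = "{http://example.org/mirrormanager}"  # assumed extension namespace

# Constructed sample files; the "tampered" one is the same size as the
# current one so that only the hash, not the size check, rejects it.
CURRENT_REPOMD = b'<repomd><revision>1</revision></repomd>\n'
STALE_REPOMD = b'<repomd><revision>0</revision></repomd>\n'
TAMPERED_REPOMD = b'<repomd><revision>2</revision></repomd>\n'


def _sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed metalink: current set on the <file>, older set as an alternate.
SAMPLE_METALINK = f"""<metalink version="3.0" xmlns="http://www.metalinker.org/"
          xmlns:mm="http://example.org/mirrormanager">
  <files>
    <file name="repomd.xml">
      <mm:timestamp>1200000000</mm:timestamp>
      <size>{len(CURRENT_REPOMD)}</size>
      <verification><hash type="sha256">{_sha256(CURRENT_REPOMD)}</hash></verification>
      <mm:alternates>
        <mm:alternate>
          <mm:timestamp>1199900000</mm:timestamp>
          <size>{len(STALE_REPOMD)}</size>
          <verification><hash type="sha256">{_sha256(STALE_REPOMD)}</hash></verification>
        </mm:alternate>
      </mm:alternates>
      <resources>
        <url protocol="https" type="https" location="US" preference="100">https://mirror.example.org/repodata/repomd.xml</url>
        <url protocol="http" type="http" location="DE" preference="90">http://mirror.example.de/repodata/repomd.xml</url>
      </resources>
    </file>
  </files>
</metalink>
"""


def parse_metalink(text, filename="repomd.xml", max_age=3 * 86400):
    """Return (accepted_sets, urls).  A set is {timestamp, size, hashes};
    the current set is kept together with any alternate no more than
    max_age seconds older than the newest timestamp in the metalink."""
    root = ET.fromstring(text)
    entry = root.find(f"{ML}files/{ML}file[@name='{filename}']")
    if entry is None:
        raise ValueError(f"metalink has no entry for {filename}")

    def read_set(node):
        hashes = {(h.get("type") or "").lower(): h.text.strip().lower()
                  for h in node.findall(f"{ML}verification/{ML}hash")}
        if not hashes:
            raise ValueError("checksum set without hashes")
        return {"timestamp": int(node.find(f"{MM}timestamp").text),
                "size": int(node.find(f"{ML}size").text),
                "hashes": hashes}

    sets = [read_set(entry)]
    sets += [read_set(a) for a in entry.findall(f"{MM}alternates/{MM}alternate")]
    newest = max(s["timestamp"] for s in sets)
    sets = [s for s in sets if newest - s["timestamp"] <= max_age]
    urls = [u.text.strip() for u in entry.findall(f"{ML}resources/{ML}url")]
    return sets, urls


STRONG_HASHES = ("sha512", "sha256")   # sets carrying only md5/sha1 are skipped


def verify_repomd(data, sets):
    """Return the timestamp of the accepted set that data matches, or None.
    Size is checked first (cheap), then the strongest hash the set carries."""
    for s in sets:
        if len(data) != s["size"]:
            continue
        algo = next((a for a in STRONG_HASHES if a in s["hashes"]), None)
        if algo and hashlib.new(algo, data).hexdigest() == s["hashes"][algo]:
            return s["timestamp"]
    return None


def make_https_context(crl_file=None):
    """Context for the mirrormanager request: chain verified against the
    system CA store, hostname checked, leaf checked against a CRL when one
    is supplied.  VERIFY_CRL_CHECK_LEAF with no CRL loaded makes OpenSSL
    fail every handshake, so the flag is only set alongside a CRL file."""
    ctx = ssl.create_default_context()   # CERT_REQUIRED, check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if crl_file:
        ctx.load_verify_locations(cafile=crl_file)
        ctx.verify_flags |= ssl.VERIFY_CRL_CHECK_LEAF
    return ctx


def context_policy(ctx):
    """The three properties step 4 asks for, as booleans."""
    return {"verify_cert": ctx.verify_mode == ssl.CERT_REQUIRED,
            "check_hostname": bool(ctx.check_hostname),
            "check_crl": bool(ctx.verify_flags & ssl.VERIFY_CRL_CHECK_LEAF)}


if __name__ == "__main__":
    accepted, mirror_urls = parse_metalink(SAMPLE_METALINK)
    print("accepted sets:", [s["timestamp"] for s in accepted])
    print("first mirror:", mirror_urls[0])
    for name, blob in (("current", CURRENT_REPOMD), ("stale", STALE_REPOMD),
                       ("tampered", TAMPERED_REPOMD)):
        print(name, "->", verify_repomd(blob, accepted))
    print(context_policy(make_https_context()))
```

The mirror URLs themselves may stay plain http: once the metalink is fetched over verified https and carries a strong typed checksum, the repomd.xml a mirror serves is either one of the published versions or it is rejected, which is what protects the rest of the repodata chain.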