[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: YUM security issues...



On 28 July 2008, Matt Domsch wrote:
> Seth, James Antill, and I met a week ago to discuss.  These are the
> steps we believe are necessary to resolve.  I didn't realize this
> hadn't been posted yet.
> 
> 
> 1. repomd.xml needs to be signed. Either attached or detached sig
>    (advice sought).  If attached, format would be
> 
> <repomd></repomd>
> delimiter / size of above ?
> signature
> 
> 
> 2. mirrormanager will start using metalinks or something quite like
>     that, to publish the repomd.xml file pointers on the various
>     mirrors worldwide.  This will include typed checksums, a time
>     stamp, and a file size, plus the various URL methods and countries
>     for the mirrors. (I've been coding this on planes this week).
> 
> One challenge here is that the metalink XML format doesn't allow for
> >1 set of attributes for a given file.  We would like to include
> attributes for repomd.xml for the last several days, because slightly stale
> mirrors really are OK (pending rsync).
> 
> 3. mirrormanager requests will use https.
> 
> 4. yum will enable https cert verification and CRL checking.  Right now it
>    secures the stream but doesn't verify the cert.
> 
> 5. yum will grow repomd.xml signature check
> 
> 6. yum will grow metalink parsing
> 
> 7. fedora-release yum.repos.d/* files will point at the new
>    metalink=https://mirrors.fedoraproject.org/metalink?... URL.
> 
> 
> Seem reasonable?
> 

This does seem reasonable, the only question I have is how often does yum
ask MirrorManager for a new repo.xml file?

This strikes me as a good solution to the problems at hand.

Thanks guys, the work is appreciated.

-- 
    JB


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]