[relnotes] [Bug 998] FTP/NFS install/upgrade is unsafe, should check GPG signatures.
bugzilla at redhat.com
bugzilla at redhat.com
Mon Apr 24 08:13:52 UTC 2006
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.
Summary: FTP/NFS install/upgrade is unsafe, should check GPG signatures.
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998
bugzilla at redhat.com changed:
What |Removed |Added
----------------------------------------------------------------------------
Severity|security |normal
Keywords| |Security
------- Additional Comments From samuel at bcgreen.com 2006-04-24 04:13 EST -------
It just hit me that multiple repositories aren't that big of a problem -- that's
what the web of trust is for. Red Hat can have a repository signing key that
signs the keys used in 'trusted' repositories. This would not give automatic
trust to those repositories, but people could, at least, be able to trust those
second/third level keys with some level of knowledge that they are, at least,
not using completely anonymous keys.
--
Configure bugmail: https://bugzilla.redhat.com/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
More information about the Fedora-relnotes-content
mailing list