[katello-devel] GPG keys - proposed solution

Justin Sherrill jsherril at redhat.com
Tue Nov 22 14:56:54 UTC 2011


On 11/22/2011 02:16 AM, Ohad Levy wrote:
>
> ----- Original Message -----
> | On 11/16/2011 03:44 AM, Ohad Levy wrote:
> |>  now, my question concerns security:
> |>  pulp trusts the repo based on the ssl cert, and the client trusts the
> |>  packages based on the gpg key (and ssl), however, in this case, if
> |>  someone was to hijack the repo, he could replace the gpg key as
> |>  well (meaning ssl certs is all that is required), does anyone see
> |>  an issue with that?
> |
> | What if the gpgkey was in another location, not tied to the repo?
> | Then
> | they would need to hijack both. Would that be better?
> |
> I guess what we could do, is to keep the gpg key within katello (and not the url itself), this would allow the user to upload the gpg key for his custom repo and subscription-manager(?) to fetch it from katello when configuring yum.

Is this something that any other rpm provider has been concerned with?
(aka fedora)   If an attacker were to re-sign all of the rpms and include
a new GPG key, wouldn't it only affect new clients?  Old clients would
have already downloaded the GPG cert and would not automatically
download a new one.

Is this a security concern with the pulp people?  It seems that if it is 
we should work with them, since we are using them for repository 
management (and they provide a GPG storing feature).

-Justin

>
> Ohad
>