FESCo Meeting Summary for 2008-08-20

Toshio Kuratomi a.badger at gmail.com
Thu Aug 28 15:52:52 UTC 2008


Richard Hughes wrote:
>>> wwoodsf13: yeah, it's weaksauce, but you remember the failure
>>> condition for PK was *SO BAD* that we added last-minute horrible
>>> hacks to anaconda over jeremy's (valid) objections
> 
> I guess by hacks you meant that I wanted anaconda to auto-import the
> fedora signing key at install time.
> 
> To be blunt, if the media is compromised, then unsigned updates are the
> _last_ of your problems -- think what would happen if a compromised
> kernel or sshd was installed - a remote exploit without even installing
> a single update.
> 
> The only way you can guarantee the authenticity of the media is to post
> its sha1sum in a well known place that we test the image against -
> which is basically what we do now.
> 
> Asking the user to agree that key abcdef12345 corresponds to the fedora
> project at first boot is just security through obscurity. Ubuntu and
> other distributions don't make you do this.
> 
I can't speak to the other stuff that people were saying but this one 
actually is a problem in the current situation.  In this situation we 
trust the media but don't trust the signing key that's on the media.  We 
need to get the new key installed and the old key uninstalled (probably 
going to be dealt with as a separate problem) so that we can verify updates.

-Toshio
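The thread turns on two separate checks: the media is trusted because its checksum is published in a well-known place, while the signing key shipped on that media is not trusted until its fingerprint has been compared against something obtained out of band. The following Python script, added here as an illustration and not code from the list thread or from Fedora's tooling, walks both steps: it parses a BSD-style CHECKSUM file (the `SHA1 (name) = digest` layout Fedora used, with SHA256 lines accepted as well), verifies a constructed image against it, and then computes the v4 OpenPGP fingerprint of a constructed RSA public-key packet so it can be compared with a pinned fingerprint. The image bytes, file name, modulus and creation time are all made up for the example.

```python
"""Verify installation media against an out-of-band checksum, then pin the
fingerprint of a signing key found on that media before trusting it.
Constructed example: image, CHECKSUM text and key packet are made up here;
no real Fedora image or key is involved."""
import hashlib
import hmac
import re
import struct

# --- Publisher side: the "well known place" where the checksum is posted ---

def publish_checksum(name: str, image: bytes, algo: str = "SHA1") -> str:
    """Emit one BSD-style checksum line (the layout of Fedora's CHECKSUM files)."""
    digest = hashlib.new(algo.lower(), image).hexdigest()
    return f"{algo} ({name}) = {digest}\n"

# --- User side: check the media against the published checksum ---

CHECKSUM_LINE = re.compile(
    r"^(?P<algo>SHA1|SHA256) \((?P<name>[^)]+)\) = (?P<hexdigest>[0-9a-f]+)$")

def parse_checksum_file(text: str) -> dict:
    """Map file name -> (algorithm, expected hex digest); skip comments/blank lines."""
    expected = {}
    for line in text.splitlines():
        m = CHECKSUM_LINE.match(line.strip())
        if m:
            expected[m.group("name")] = (m.group("algo"), m.group("hexdigest"))
    return expected

def verify_image(name: str, image: bytes, checksum_text: str) -> bool:
    """True only if the image hashes to the published digest for its name."""
    entry = parse_checksum_file(checksum_text).get(name)
    if entry is None:
        return False                      # no published digest: do not trust the media
    algo, expected = entry
    actual = hashlib.new(algo.lower(), image).hexdigest()
    return hmac.compare_digest(actual, expected)

# --- Key pinning: v4 OpenPGP fingerprint of a public-key packet (RFC 4880) ---

def mpi(value: int) -> bytes:
    """Encode an integer as an OpenPGP multi-precision integer (RFC 4880 section 3.2)."""
    nbytes = (value.bit_length() + 7) // 8
    return struct.pack(">H", value.bit_length()) + value.to_bytes(nbytes, "big")

def rsa_public_key_packet_body(n: int, e: int, created: int) -> bytes:
    """Body of a v4 public-key packet for an RSA key (RFC 4880 section 5.5.2)."""
    return b"\x04" + struct.pack(">I", created) + b"\x01" + mpi(n) + mpi(e)

def fingerprint_v4(body: bytes) -> str:
    """v4 fingerprint: SHA-1 over 0x99, 2-byte body length, body (RFC 4880 section 12.2)."""
    h = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body)
    return h.hexdigest().upper()

def key_matches_pin(body: bytes, pinned_fingerprint: str) -> bool:
    """Compare a key shipped on the media with a fingerprint obtained out of band."""
    pinned = pinned_fingerprint.replace(" ", "").upper()
    return hmac.compare_digest(fingerprint_v4(body), pinned)

# --- Constructed sample data ---
IMAGE_NAME = "Fedora-example-DVD.iso"          # constructed file name
IMAGE = b"not a real ISO, just constructed bytes " * 1000
CHECKSUM_TEXT = "# constructed CHECKSUM file\n" + publish_checksum(IMAGE_NAME, IMAGE)

# Small constructed modulus; a real signing key is far larger and comes from the distro.
FAKE_N = int.from_bytes(hashlib.sha256(b"constructed modulus").digest(), "big") | 1
KEY_BODY = rsa_public_key_packet_body(FAKE_N, 65537, 1219000000)
# In practice the pin is copied from a source independent of the media (web page, printed docs).
PINNED = fingerprint_v4(KEY_BODY)

if __name__ == "__main__":
    print("media ok:  ", verify_image(IMAGE_NAME, IMAGE, CHECKSUM_TEXT))
    print("tampered:  ", verify_image(IMAGE_NAME, IMAGE + b"\x00", CHECKSUM_TEXT))
    print("fingerprint:", fingerprint_v4(KEY_BODY))
    print("key pinned:", key_matches_pin(KEY_BODY, PINNED))
```

The design point is that neither check substitutes for the other: a matching checksum only proves the image is the one the publisher posted, and a matching fingerprint only proves the key is the one the user pinned; trusting a key solely because it was found on media that passed the checksum is exactly the gap the message describes.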
