YUM security issues...

Matt Domsch Matt_Domsch at dell.com
Mon Jul 28 17:07:54 UTC 2008


Seth, James Antill, and I met a week ago to discuss.  These are the
steps we believe are necessary to resolve.  I didn't realize this
hadn't been posted yet.


1. repomd.xml needs to be signed. Either attached or detached sig
   (advice sought).  If attached, format would be

<repomd></repomd>
delimiter / size of above ?
signature


2. mirrormanager will start using metalinks or something quite like
    that, to publish the repomd.xml file pointers on the various
    mirrors worldwide.  This will include typed checksums, a time
    stamp, and a file size, plus the various URL methods and countries
    for the mirrors. (I've been coding this on planes this week).

One challenge here is that the metalink XML format doesn't allow for
>1 set of attributes for a given file.  We would like to include
attributes for repomd.xml for the last several days, because slightly stale
mirrors really are OK (pending rsync).

3. mirrormanager requests will use https.

4. yum will enable https cert verification and CRL checking.  Right now it
   secures the stream but doesn't verify the cert.

5. yum will grow repomd.xml signature check

6. yum will grow metalink parsing

7. fedora-release yum.repos.d/* files will point at the new
   metalink=https://mirrors.fedoraproject.org/metalink?... URL.


Seem reasonable?

-- 
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux
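As an added example, not part of Matt's mail nor of yum or MirrorManager code: a Python sketch of the metalink parsing and checking that steps 2 and 6 describe. It parses a constructed Metalink 3.0 file for repomd.xml (element names and sample values are assumptions), then verifies downloaded repomd.xml bytes against the published size and every typed checksum, and lists https mirrors by preference. This is a hash check only; it complements, and does not replace, the repomd.xml signature check of step 5.

```python
import hashlib
import xml.etree.ElementTree as ET

# Constructed sample repomd.xml body (not real Fedora metadata).
SAMPLE_REPOMD = b"<repomd><revision>1217264874</revision></repomd>"

# Constructed metalink in the Metalink 3.0 layout; the element names are an
# assumption about what MirrorManager publishes, not taken from its output.
METALINK_TEMPLATE = """<metalink version="3.0" xmlns="http://www.metalinker.org/">
 <files>
  <file name="repomd.xml">
   <timestamp>1217264874</timestamp>
   <size>{size}</size>
   <verification>
    <hash type="sha1">{sha1}</hash>
    <hash type="sha256">{sha256}</hash>
   </verification>
   <resources>
    <url protocol="http" type="http" location="US" preference="90">http://mirror.example.org/fedora/repomd.xml</url>
    <url protocol="https" type="https" location="US" preference="100">https://mirror.example.net/fedora/repomd.xml</url>
   </resources>
  </file>
 </files>
</metalink>
"""
NS = {"ml": "http://www.metalinker.org/"}

def build_sample_metalink(body=SAMPLE_REPOMD):
    """Fill the constructed template with the real size and digests of body."""
    return METALINK_TEMPLATE.format(size=len(body),
                                    sha1=hashlib.sha1(body).hexdigest(),
                                    sha256=hashlib.sha256(body).hexdigest())

def parse_metalink(xml_text):
    """Return (size, {hash_type: hexdigest}, [https URLs, best preference first])."""
    root = ET.fromstring(xml_text)
    f = root.find("ml:files/ml:file[@name='repomd.xml']", NS)
    size = int(f.findtext("ml:size", namespaces=NS))
    hashes = {h.get("type"): h.text.strip() for h in f.findall("ml:verification/ml:hash", NS)}
    urls = [u for u in f.findall("ml:resources/ml:url", NS) if u.get("protocol") == "https"]
    urls.sort(key=lambda u: int(u.get("preference", "0")), reverse=True)
    return size, hashes, [u.text.strip() for u in urls]

def verify_repomd(body, xml_text):
    """True only if the size and every listed checksum match the downloaded bytes."""
    size, hashes, _ = parse_metalink(xml_text)
    if len(body) != size or not hashes:
        return False
    for algo, expected in hashes.items():
        if algo not in hashlib.algorithms_available:
            return False  # unknown hash type: fail closed rather than skip it
        if hashlib.new(algo, body).hexdigest() != expected:
            return False
    return True
```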

