YUM security issues...
Matt Domsch
mdomsch at fedoraproject.org
Fri Jul 25 16:07:10 UTC 2008
On Fri, Jul 25, 2008 at 10:43:59AM -0500, Mike McGrath wrote:
> On Fri, 25 Jul 2008, Jesse Keating wrote:
>
> > On Fri, 2008-07-25 at 10:37 -0500, Mike McGrath wrote:
> > >
> > > AFAIK, this service is still in place and working fine. Though I am a
> > > little confused about the question. It sounds like you'd like to direct
> > > all subnet traffic to a specific mirror. But you're also saying you took
> > > your mirror down. Are you worried people in your subnet are being
> > > directed to a down mirror?
> >
> > More like taking over a subnet and directing all clients at a rogue
> > mirror.
>
> <nod> that makes more sense. Domsch?

Yes, this is a known challenge with subnet delegation in
MirrorManager. We're trusting package signing (and soon, repodata
signing) to prevent rogue mirrors from issuing unsigned data. In
addition, I'm working on adding in a way to prevent stale mirrors
(with signed content) from being used.
--
Matt Domsch
Linux Technology Strategist, Dell Office of the CTO
linux.dell.com & www.dell.com/linux
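
An added example, not part of the original message and not MirrorManager or yum code: it shows why a signature check alone accepts stale but validly signed metadata from a mirror, and how a freshness check closes that gap. HMAC stands in for GPG signing, and the revision counter, package name and function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import json

# Stand-in for the distribution signing key (constructed). Real repositories
# use GPG public-key signatures; HMAC keeps this example self-contained.
SIGNING_KEY = b"constructed-demo-key"


def sign_metadata(revision, packages):
    """Return signed repository metadata as (payload_bytes, signature)."""
    payload = json.dumps({"revision": revision, "packages": packages},
                         sort_keys=True).encode()
    sig = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return payload, sig


def signature_ok(payload, sig):
    """True if the payload carries a valid signature from the signing key."""
    expected = hmac.new(SIGNING_KEY, payload, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, sig)


def accept_metadata(payload, sig, min_revision):
    """Decide whether metadata fetched from a mirror may be used.

    min_revision is the newest revision the client has already seen or
    learned from a trusted source (an assumption of this example).
    """
    if not signature_ok(payload, sig):
        return "reject: bad signature"
    if json.loads(payload)["revision"] < min_revision:
        return "reject: stale"
    return "accept"


# Constructed sample data: an old release and a later update that replaces it.
OLD = sign_metadata(100, {"examplepkg": "1.0-1"})
NEW = sign_metadata(101, {"examplepkg": "1.0-2"})
# A mirror that alters signed metadata is caught by the signature check.
TAMPERED = (OLD[0].replace(b"1.0-1", b"1.0-0"), OLD[1])

if __name__ == "__main__":
    for name, (payload, sig) in [("current", NEW), ("stale", OLD),
                                 ("tampered", TAMPERED)]:
        print(name, signature_ok(payload, sig),
              accept_metadata(payload, sig, min_revision=101))
```

The stale metadata passes `signature_ok` because it was genuinely signed; only the comparison against `min_revision` rejects it.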