YUM security issues...
Josh Bressers
bressers at redhat.com
Fri Jul 25 16:46:15 UTC 2008
On 25 July 2008, Matt Domsch wrote:
>
> Yes, this is a known challenge with subnet delegation in
> MirrorManager. We're trusting package signing (and soon, repodata
> signing) to prevent rogue mirrors from issuing unsigned data. In
> addition, I'm working on adding in a way to prevent stale mirrors
> (with signed content) from being used.
>
How does one get this subnet delegation though? Can I request any subnet I
want, or do we do some sort of verification?
What happens if the client decided its mirror is bad, I presume it will go
off and find a better one, even with delegation?
Thanks.
--
JB
More information about the Fedora-infrastructure-list
mailing list