On 12/20/2015 01:28 PM, Always Learning wrote:

On Sun, 2015-12-20 at 12:44 -0800, Alice Wonder wrote:


RPM has ability to install a package over the network.

rpm -i ftp://example.org/foo-2.2.noarch.rpm


Thanks for the new knowledge.

The point I'm trying to make though is that yum could benefit from
the ability to verify the fingerprint in a key it is importing
matches a DNS query for the user and domain the key claims to be for.

Regardless of how the package was retrieved, this could prevent
dishonest trojan keys from being imported, especially if DNSSEC
validated the DNS query.

How widespread is the problem of unknowingly importing compromised
software ?


--

For me, I prefer to be pro-active rather than reactive.

DNSSEC gives us a some validation options we did not formerly have, I like to use it where it takes away potential vectors whether they currently are popular attack vectors or not.
_______________________________________________
CentOS mailing list
CentOS@centos.org
https://lists.centos.org/mailman/listinfo/centos

Reply via email to