Warren Togami wrote:
> Matt Domsch wrote:
>> On Sat, Aug 30, 2008 at 07:46:31PM +0300, Axel Thimm wrote:
>>> On Fri, Aug 29, 2008 at 02:56:38PM -0400, Jon Stanley wrote:
>>>> We're using MM to redirect ALL requests for the old repo location to
>>>> mirrors that we have ultimate control over.
>>> I don't think that's true, see [1] for 64 mirrors that are suggested
>>> for my location that are certainly not under Red Hat/Fedora control,
>>> actually it looks like none is.
>>
>> that's the plan, it's not implemented yet. In fact, I'll probably
>> just do it with plain HTTP redirects in an httpd.conf file rather than
>> special-case it in MM.
>>
>
> http://lists.fedoraproject.org/pipermail/rel-eng/2008-August/001627.html
> Matt, you are misunderstanding the plan. No redirections are necessary
> at any level of this plan.
>
Warren, I think we need to add redirection as step 6.1.
If we don't lock out mirrors that we don't control at that stage,
there's nothing to prevent the following scenario::

  Person with the key has brute forced passphrase and compromises mirror.
  Uploads packages signed with old key to the F-9 repo on the old mirror.
  Among other things these packages subvert yum so that it will only
  update from compromised mirrors and removes the new key from the NEWREPO.

  User downloads F-9 ISO. Installs F-9 with old key as valid.

  User hits the compromised mirror on first yum update and installs
  compromised packages.

-Toshio

_______________________________________________
Fedora-infrastructure-list mailing list
Fedora-infrastructure-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-infrastructure-list