Case has been open for nearly two years. Just got another response from RH Friday. See also: https://access.redhat.com/solutions/2850911
> https://access.redhat.com/support/cases/#/case/01752320 > Case Title : Repo metadata not being published (repo_gpgcheck fails) > Case Number : 01752320 > Case Open Date : 2016-12-05 10:24:14 > Severity : 3 (Normal) > Problem Type : Defect / Bug > Most recent comment: On 2018-10-19 02:23:39, Janorkar, Anuja commented: > "Hello, > Unfortunately, we have not received the update on this. We will get back > to you as soon as we get an update. > We appreciate your patience. > Best Regards, > Anuja J. > Global Support Services, Red Hat" On Fri, Oct 19, 2018 at 4:13 PM Trevor Vaughan <[email protected]> wrote: > Who should I open the request with? > > I haven't really seen any differences in DNF from that point of view in > Fedora yet. > > Thanks, > > Trevor > > On Fri, Oct 19, 2018 at 3:15 PM Steve Grubb <[email protected]> wrote: > >> On Tuesday, October 16, 2018 3:58:01 PM EDT Trevor Vaughan wrote: >> > Necromancing this thread! >> > >> > Any updates on this Steve? >> >> The answer I was given is like this: >> >> "The keys for checking repo. metadata are only used for those repos. >> (so key for repo X can't verify metadata for repo. Y). There are also >> CA keys, so you can cycle keys etc. The keys for rpm checking are >> imported >> into the rpm DB and thus. global, but that's an rpm thing." >> >> So, I don't think rpm/yum were intended to solve the security problem you >> outlined because its now how software distribution normally works. And if >> two >> repos have the same package, I think you will notice some kind of error/ >> warning. Feel free to open some kind of request. I also think the dnf >> developers may have things a little better security-wise. >> >> -Steve >> >> >> >> > > -- > Trevor Vaughan > Vice President, Onyx Point, Inc > (410) 541-6699 x788 > > -- This account not approved for unencrypted proprietary information -- > _______________________________________________ > scap-security-guide mailing list -- > [email protected] > To unsubscribe send an email to > [email protected] > Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/[email protected] >
_______________________________________________ scap-security-guide mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
