10-12-2008, 06:37 PM
Richard Hughes

Package warning - Rawhide

On Sun, 2008-10-12 at 17:33 +0000, Kevin Kofler wrote:
>
> "UnsignedPackages=abort" is insane, unless you intend to abort only for
> packages in a repository configured for signature checking.

It always aborts if a package isn't signed in a signed repo.

> ...packages from some third-party non-repository download site (which
> are definitely a security risk, but which won't go away no matter how much
> you'd like them to

Sure, but at that point I absolve all guilt of any security breach.
Having packages automatically downloaded and installed can be both a
blessing and a curse. Perhaps making it harder for people to provide
unsigned repos might be a good idea long term.

Controversial I know. Of course, this is with my PackageKit maintainer
hat on, not my fedora or red hat on.

Richard.


--
fedora-devel-list mailing list
fedora-devel-list@redhat.com
https://www.redhat.com/mailman/listinfo/fedora-devel-list
 
10-12-2008, 06:48 PM
Richard Hughes

Package warning - Rawhide

On Sun, 2008-10-12 at 17:49 +0000, Kevin Kofler wrote:
> > Sure, but at that point I absolve all guilt of any security breach.
> > Having packages automatically downloaded and installed can be both a
> > blessing and a curse. Perhaps making it harder for people to provide
> > unsigned repos might be a good idea long term.
>
> The problem is not unsigned repos, it's unsigned isolated packages one
> wants to run pk-install on.

Nahh, we'll allow this to proceed even with "abort" as InstallFile is a
different method, and doesn't operate on a repo. Different problem.

Richard.


 
10-12-2008, 06:49 PM
Kevin Kofler

Package warning - Rawhide

Richard Hughes <hughsient <at> gmail.com> writes:
> Sure, but at that point I absolve all guilt of any security breach.
> Having packages automatically downloaded and installed can be both a
> blessing and a curse. Perhaps making it harder for people to provide
> unsigned repos might be a good idea long term.

The problem is not unsigned repos, it's unsigned isolated packages one wants to
run pk-install on.

Kevin Kofler

 
10-13-2008, 01:21 AM
Jesse Keating

Package warning - Rawhide

On Sun, 2008-10-12 at 17:49 +0100, Richard Hughes wrote:
> On Sun, 2008-10-12 at 18:04 +0200, Denis Leroy wrote:
> > This is a property of the repository, not of the package manager. If
> > the rawhide repo is fundamentally unsigned, this should be a property
> > in the .repo file itself, not a global property.
>
> Sure, this policy is only used if the repo is set to unsigned.
>
> Richard.
>
>

Which the rawhide repos (as shipped) are set to unsigned, until we can
get an automated signing system in place. I don't think I'll be signing
up to getting online at 2am every day to sign all the packages built for
the day just before the rawhide compose.


--
Jesse Keating
Fedora -- Freedom² is a feature!
identi.ca: http://identi.ca/jkeating
 
