on 2/25/2008 12:50 PM Peter Kjellstrom spake the following: > On Monday 25 February 2008, Scott Silva wrote: >> on 2/25/2008 10:40 AM Jeff Sheltren spake the following: >>> On Feb 25, 2008, at 10:34 AM, Johnny Hughes wrote: > ... >>>> I STILL think pointing to the http://mirror.centos.org/ site is best >>>> for the web enabled CentOS-Base.repo file. >>> Johnny, could you let us know your reasons for wanting to point to the >>> remote GPG key? >> I would think if you could compromise the mirror dns list, you could have >> malicious rpm's signed by a malicious key, and have thousands of systems >> get rooted. > > I'm not sure what you're saying, but if the above happened. Then my > unaffected /etc/pki key would refuse your maliciously signed rpms. > > And if my /etc/pki was bad then that was because my install was bad and I'm > f**ked anyway. > > /Peter > I was supporting your statement of having local keys. I just replied to the wrong message in the thread. Sorry ;-P -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't!!!! _______________________________________________ CentOS-devel mailing list CentOS-develcentos.org http://lists.centos.org/mailman/listinfo/centos-devel
about | contact Other archives ( Real Estate discussion Medical topics )
Mailing lists
Newsgroups
RFC archive
centos.org