Case has been open for nearly two years. Just got another response from RH Friday. See also: https://access.redhat.com/solutions/2850911
https://access.redhat.com/support/cases/#/case/01752320
Case Title : Repo metadata not being published (repo_gpgcheck fails)
Case Number : 01752320
Case Open Date : 2016-12-05 10:24:14
Severity : 3 (Normal)
Problem Type : Defect / Bug
Most recent comment: On 2018-10-19 02:23:39, Janorkar, Anuja commented: "Hello, Unfortunately, we have not received the update on this. We will get back to you as soon as we get an update. We appreciate your patience. Best Regards, Anuja J. Global Support Services, Red Hat"
On Fri, Oct 19, 2018 at 4:13 PM Trevor Vaughan tvaughan@onyxpoint.com wrote:
Who should I open the request with?
I haven't really seen any differences in DNF from that point of view in Fedora yet.
Thanks,
Trevor
On Fri, Oct 19, 2018 at 3:15 PM Steve Grubb sgrubb@redhat.com wrote:
On Tuesday, October 16, 2018 3:58:01 PM EDT Trevor Vaughan wrote:
Necromancing this thread!
Any updates on this Steve?
The answer I was given is like this:
"The keys for checking repo. metadata are only used for those repos. (so key for repo X can't verify metadata for repo. Y). There are also CA keys, so you can cycle keys etc. The keys for rpm checking are imported into the rpm DB and thus global, but that's an rpm thing."
So, I don't think rpm/yum were intended to solve the security problem you outlined because it's now how software distribution normally works. And if two repos have the same package, I think you will notice some kind of error/warning. Feel free to open some kind of request. I also think the dnf developers may have things a little better security-wise.
-Steve
-- Trevor Vaughan Vice President, Onyx Point, Inc (410) 541-6699 x788
-- This account not approved for unencrypted proprietary information --
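The key scoping described in the quoted answer (metadata keys per repo, package keys global in the rpm DB) can be modelled from repo configuration. This is an added example, not part of the thread or of yum itself; the repo names, URLs and key paths are constructed, and it assumes every listed `gpgkey` has already been imported.

```python
import configparser
import re

# Constructed sample: a yum.conf-style [main] plus two repo stanzas.
SAMPLE = """
[main]
gpgcheck=1

[base]
baseurl=https://mirror.example.com/base/
repo_gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-base

[thirdparty]
baseurl=https://repo.example.org/el7/
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-thirdparty
"""

def _flag(cp, repo, opt):
    # The repo's own setting wins; otherwise inherit [main]; otherwise off.
    for section in (repo, "main"):
        if cp.has_option(section, opt):
            return cp.getboolean(section, opt)
    return False

def audit(text):
    """Model key scope per repo (assumes every listed key has been imported)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    repos, rpm_db = {}, set()
    for repo in (s for s in cp.sections() if s != "main"):
        raw = cp.get(repo, "gpgkey", fallback="")
        keys = {k for k in re.split(r"[\s,]+", raw) if k}
        pkg, meta = _flag(cp, repo, "gpgcheck"), _flag(cp, repo, "repo_gpgcheck")
        if pkg:
            rpm_db |= keys  # package keys land in the rpm DB, which is global
        repos[repo] = {"gpgcheck": pkg, "repo_gpgcheck": meta, "own": keys,
                       # metadata keys stay scoped to the repo that lists them
                       "metadata_keys": keys if meta else set()}
    for info in repos.values():
        # keys another repo brought in that rpm would also accept here
        info["foreign_package_keys"] = (rpm_db - info.pop("own")) if info["gpgcheck"] else set()
    return repos

if __name__ == "__main__":
    for name, info in audit(SAMPLE).items():
        print(name, info)
```

A repo with an empty `metadata_keys` set is one whose metadata is not signature-checked, and a non-empty `foreign_package_keys` set lists keys configured for other repos that rpm would also accept for this repo's packages.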