Re: trust update servers?
- From: David Bolt <blacklist-me@xxxxxxxxxx>
- Date: Fri, 28 Sep 2007 12:47:15 +0100
On Fri, 28 Sep 2007, birre wrote:-
On 2007-09-28 09:29, houghi wrote:
However it is very unlikely that a mirror will do
something like that.
houghi
But this _CAN_ happen one day, so importing the key from the mirror is
not the best thing to do. (even if we do it all the time)
Come up with a better method, get your new method added to bugzilla,
including any patches to help get them started, and it may be
implemented in 11.0 .
Hmm, I think I might have heard something similar to this mentioned
before in this group :)
The keys should be added from another server,
that can't be hacked at the same time, or at least a fingerprint check.
Or, if you're really paranoid, have it grab the same keys from multiple
different servers and ensure they're all the same.
This is something that maybe need to be added to some security checker.
See above :)
Regards,
David Bolt
--
Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net
RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit
RISC OS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit
TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3b2 32bit
.
- Follow-Ups:
- Re: trust update servers?
- From: houghi
- Re: trust update servers?
- References:
- trust update servers?
- From: takeout
- Re: trust update servers?
- From: David Bolt
- Re: trust update servers?
- From: houghi
- Re: trust update servers?
- From: birre
- trust update servers?
- Prev by Date: Re: trust update servers?
- Next by Date: suse 10.2 with postfix, courier and squirrelmail
- Previous by thread: Re: trust update servers?
- Next by thread: Re: trust update servers?
- Index(es):
Relevant Pages
|
