Will Woods wrote: > Preupgrade is currently designed to be exactly as secure as an anaconda > http install. No less, no more. But it's not being marketed as an alternative to an Anaconda HTTP install with less downtime as the only improvement. It's being marketed as a safer alternative to a live upgrade with Yum, and as a faster, more convenient and less bandwidth-wasting alternative to downloading and burning DVD images. See this article for example: http://www.redhatmagazine.com/2008/04/15/interview-fedora-developers-seth-vidal-and-will-woods/ The article talks a lot about how Preupgrade is better than both a Yum upgrade and a DVD-based upgrade, but says very little about network-based Anaconda upgrades, and it's completely silent about the security aspect. Here's a quote from the article: "So you can upgrade with the convenience and bandwidth savings of a live upgrade, but without the risky craziness inherent therein." Yeah, it avoids the risky craziness inherent in a Yum upgrade but adds instead the crazy riskiness inherent in an HTTP-based Anaconda upgrade. That's no improvement in my book. No matter what the risks with a Yum upgrade are, getting intruders in my computer is worse. > Nothing's *missing*. There just aren't any signatures to check for the > boot images, and there never have been. For several years now, all my boot images have been included in ISO images. Those ISO images have been accompanied by checksum files, and those checksum files have been cryptographically signed. I always verify the signature and the checksums, and when they're verified correctly I know that all the files in the ISO image are clean, including the boot images. Generating detached signatures for the boot images and putting them in the directory where the images are published would take at most five minutes of manual work for each release. > Furthermore anaconda doesn't check the gpg signatures of packages it > downloads and installs during http installs. Never has. That's bug #998. > (Yes, #998. Not a typo. See https://bugzilla.redhat.com/998) Would you like to guess why I never do network-based installs except from my own server directly attached with a crossover cable? Björn Persson -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
