Björn Persson wrote:
Will Woods wrote:
Preupgrade is currently designed to be exactly as secure as an anaconda
http install. No less, no more.
But it's not being marketed as an alternative to an Anaconda HTTP install with
less downtime as the only improvement. It's being marketed as a safer
alternative to a live upgrade with Yum, and as a faster, more convenient and
less bandwidth-wasting alternative to downloading and burning DVD images. See
this article for example:
http://www.redhatmagazine.com/2008/04/15/interview-fedora-developers-seth-vidal-and-will-woods/
The article talks a lot about how Preupgrade is better than both a Yum upgrade
and a DVD-based upgrade, but says very little about network-based Anaconda
upgrades, and it's completely silent about the security aspect. Here's a
quote from the article:
"So you can upgrade with the convenience and bandwidth savings of a live
upgrade, but without the risky craziness inherent therein."
Yeah, it avoids the risky craziness inherent in a Yum upgrade but adds instead
the crazy riskiness inherent in an HTTP-based Anaconda upgrade. That's no
improvement in my book. No matter what the risks with a Yum upgrade are,
getting intruders in my computer is worse.
Nothing's *missing*. There just aren't any signatures to check for the
boot images, and there never have been.
For several years now, all my boot images have been included in ISO images.
Those ISO images have been accompanied by checksum files, and those checksum
files have been cryptographically signed. I always verify the signature and
the checksums, and when they're verified correctly I know that all the files
in the ISO image are clean, including the boot images.
Generating detached signatures for the boot images and putting them in the
directory where the images are published would take at most five minutes of
manual work for each release.
Furthermore anaconda doesn't check the gpg signatures of packages it
downloads and installs during http installs. Never has. That's bug #998.
(Yes, #998. Not a typo. See https://bugzilla.redhat.com/998)
Would you like to guess why I never do network-based installs except from my
own server directly attached with a crossover cable?
Björn Persson
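The verification chain described above (signature over the checksum file, checksum over the ISO, and the proposed detached signatures directly over bare boot images), as an added, runnable example that is not part of the original thread or of Fedora's release tooling. It builds a throwaway GnuPG key in a temporary GNUPGHOME and constructed stand-in files (Fedora-example.iso, vmlinuz, initrd.img are invented names); it assumes gpg 2.1 or later, sha256sum and mktemp are on PATH.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread or from Fedora.
# Assumptions: gpg >= 2.1 (for --quick-generate-key), GNU sha256sum, mktemp.
set -eu

WORK=$(mktemp -d)
export GNUPGHOME="$WORK/gnupg"
mkdir -p -m 700 "$GNUPGHOME"
trap 'gpgconf --kill gpg-agent 2>/dev/null || true; rm -rf "$WORK"' EXIT
cd "$WORK"

# Throwaway signing key standing in for the release key a user already trusts.
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key 'Release Key (example) <release@example.invalid>' \
    default default never

# Constructed stand-ins for a published ISO and two bare boot images.
printf 'pretend ISO contents\n' > Fedora-example.iso
printf 'pretend kernel\n'       > vmlinuz
printf 'pretend initrd\n'       > initrd.img

# Release side: checksum file over the ISO, a detached signature over that
# checksum file, and detached signatures directly over the bare boot images
# (the "five minutes of manual work" from the mail).
sha256sum Fedora-example.iso > CHECKSUM
gpg --batch --yes --pinentry-mode loopback --passphrase '' \
    --armor --detach-sign -o CHECKSUM.asc CHECKSUM
for img in vmlinuz initrd.img; do
  gpg --batch --yes --pinentry-mode loopback --passphrase '' \
      --armor --detach-sign -o "$img.asc" "$img"
done

# User side. verify_iso: check the signature over CHECKSUM first, then the
# checksum over the ISO; trust the ISO only if both pass. Prints ok or FAIL.
verify_iso() {
  if gpg --batch --quiet --verify CHECKSUM.asc CHECKSUM 2>/dev/null \
     && sha256sum --quiet -c CHECKSUM 2>/dev/null; then
    echo ok
  else
    echo FAIL
  fi
}

# verify_image: one detached signature per boot image, no checksum file needed.
verify_image() {
  if gpg --batch --quiet --verify "$1.asc" "$1" 2>/dev/null; then
    echo ok
  else
    echo FAIL
  fi
}

verify_iso
verify_image vmlinuz

# Simulate a mirror or man-in-the-middle swapping the kernel. The detached
# signature no longer verifies, even if the attacker also rewrote an unsigned
# checksum file next to it; that is exactly what an unsigned HTTP fetch cannot
# detect.
printf 'trojaned kernel\n' > vmlinuz
verify_image vmlinuz
```

Note that gpg --verify exits 0 for any good signature from a key in the keyring, so in real use the user must also confirm the key fingerprint is the release key; the temporary keyring here contains only the throwaway key, which keeps the example self-contained.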
First my thanks to Bjorn for taking the time to start this discussion.
Then my piece, after which I will try like hell to leave this alone.
I am glad at least that the "preupgrade is still in testing" argument
was never brought up or the "you're automatically a guinea pig if you get
things from the testing repo". All that aside I for one feel that if the
Fedora Community is going to continue to thrive and grow then security
has to be dealt with openly. I have in the past tried to broach the
security issue without much success. Everyone is afraid to talk about
it; instead I have seen suggestions, from some, that these things
shouldn't be discussed openly for fear that crackers will get ideas.
Security by obscurity is not real security, it's just purposely pulling
the wool over your own eyes. If the time isn't taken to properly
consider these things in the planning phase then what are the odds that
it will ever be dealt with properly? Who will you blame when your box
gets compromised? How many will look in the mirror first when the time
comes? How many of us have the stones to be that honest with ourselves? A
while back I posted a link to an article that I found while going over
Dan Walsh's LiveJournal; it was titled "The Six Dumbest Ideas in
Computer Security". The article is itself a few years old and most of the
dumb ideas much older than that; frankly I am surprised by how many of
these dumb ideas are still around, not necessarily among the Fedora
Community specifically but out there where I work, amongst these small
businesses that I do work for on occasion, most especially but not
surprisingly amongst the home pc users, largely running M$ sure but even
so I have seen this ignorance extend to system admins with many years of
experience. People seem to just put their security in the hands of some
software engineer they have never met and accept whatever half baked
piece of crap gets marketed from week to week. I wonder what it says
about a community that the issue cannot be raised without it
degenerating into some mindless flame war, that a positive and useful
discussion cannot take place on the bleeding edge of software amongst a
community that is supposed to be leading the way for FOSS. I've said my
piece, torch me in effigy if you must, start lobbing the flame grenades
at me if you need a target, blame me if you like for all the ills of the
world, it ultimately won't change the fact that many of us shirk our
responsibility to Fedora and Redhat.
I have an operating system, completely free, it costs me nothing. All I
hear is whining about the video drivers, pulseaudio. "I am going to
Ubuntu" because i can't get my palm pilot to work or my mp3 codec isn't
included. There is always my personal favorite "I am turning SELinux
off, it's too hard, it sucks, my Flash doesn't work". Adobe Flash is
a gaping security hole in every computer across this planet and people
line up to get screwed by it. We've been given a gift, a precious thing,
the freedom to define our experience and instead of helping improve it
all we do is complain that it doesn't measure up to our broken standard.
--
On the eighth day he said "There shall be no rest for the weary."
On the ninth day he farted, and it smelled like sulphur ;^)
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list