On Tue, May 29, 2012 at 10:06 AM, Carlos E. R.
I *hope* the security never depends on the server but on cryptographically signing the files - and verifying the validity of the signature before using them.
Verifying the signatures is not possible, they are not listed on a secure server.
What is a secure server?
Even the DVD could be rewritten by a rogue mirror with false signatures. A lot of work, but doable.
Assuming (and it's no small assumption) that you trust the signing key, that is not possible. How do you get to trust a signing key? Well... you have a leap of faith the first time you configure a repo. How do you avoid that leap of faith? With an official page that lists official repo's key checksums that uses https signed by a trustworthy CA. And the user has to check. If he/she doesn't... leap of faith it is still. That still assumes you have software trustworthily configured with the CA roots, which is not the case for install medium. Unless you downloaded the medium from a properly authenticated https server. And round and round it goes.