On Friday, March 14, 2014 19:30:01 Carlos E. R. wrote:
On 2014-03-14 21:04, Jason wrote:
On Friday, March 14, 2014 08:48:20 Adrian Schröter wrote:
Your clock might be wrong, too fast. It is now 19:24.
Botched timezone during setup a few days ago :) Good eye though.
Fail at comprehension:) Thank you.
FWIW, I'd prefer for zypper to:
1. Halt with a warning when digest check fails (i.e. no options to be dealt with)
2. Do not install package if key is not matching.

I do understand the process more or less now, thank you gentlemen for explaining it to me so I see how this is the _least_ possible issue.
As I understand it, the repository metadata is signed, and both YaST and zypper will give a big warning if the signature check (of the metadata) fails.
True.
Individual packages are signed, but the signatures are not verified.
Agreed. What I'm suggesting, (well, just thinking out loud) in case of repo key compromise, to have packages signed with a different key and fail to install the package if key doesn't match or there's no key. Or at the bare minimum, refuse to install package that isn't signed/signed with a different key. If repo key is compromised, any malicious package would be rejected by the local machine if signed by different key _and_ any malicious package would be easily recognized. It also removes a single point of failure. Though again, I'm probably missing something here.
However, those packages are listed in the metadata, with checksums, so that if a single package does not match the metadata contained checksum, you will get a warning. Zypper/yast would not install that package, as bad.
Yes, it will pull up a warning that digest checking failed and _offer_ you options. At this point what I'm suggesting is to drop it without options but with only a warning, or enter a re-download loop a few times, fail if unsuccessful _and_ pull up a warning. Also, log warnings. Currently it isn't doing that AFAIK.
So the overall process is gpg signed :-)
But there are seemingly few points to discuss or clarify to uninformed like me :)
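
The fail-closed behaviour proposed in this message (no prompt on a digest mismatch, a bounded re-download loop, logged warnings), sketched as an added example that is not part of the original thread and not zypper's code. The `metadata` dict stands in for checksums taken from already signature-verified repository metadata, and `fetch`, the package name and the payloads are hypothetical, constructed values.

```python
import hashlib
import hmac
import logging

log = logging.getLogger("pkgverify")

class DigestMismatch(Exception):
    """The package is unlisted or never matched its metadata checksum."""

def fetch_verified(name, metadata, fetch, max_attempts=3):
    """Return package bytes only if their SHA-256 matches the metadata.

    metadata: dict name -> hex SHA-256, assumed to come from repository
              metadata whose GPG signature has already been verified.
    fetch:    hypothetical download callable, fetch(name) -> bytes.
    """
    expected = metadata.get(name)
    if expected is None:
        log.warning("%s: not listed in signed metadata, refusing", name)
        raise DigestMismatch(name)
    for attempt in range(1, max_attempts + 1):
        data = fetch(name)
        actual = hashlib.sha256(data).hexdigest()
        if hmac.compare_digest(actual, expected.lower()):
            return data
        log.warning("%s: digest check failed (attempt %d/%d), got %s",
                    name, attempt, max_attempts, actual)
    # No "ignore" option is offered: the caller never sees the bad bytes.
    raise DigestMismatch(f"{name}: gave up after {max_attempts} attempts")

# Constructed sample data.
GOOD = b"constructed package payload"
METADATA = {"demo-1.0.rpm": hashlib.sha256(GOOD).hexdigest()}

def flaky_mirror():
    """Mirror that returns a truncated download once, then the real file."""
    calls = {"n": 0}
    def fetch(name):
        calls["n"] += 1
        return GOOD[:5] if calls["n"] == 1 else GOOD
    return fetch

def tampered_mirror(name):
    """Mirror that always serves a modified package."""
    return GOOD + b" plus injected content"

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    print(len(fetch_verified("demo-1.0.rpm", METADATA, flaky_mirror())))
```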