Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] the new YOU, how it works for ME? =)
  • From: Steffen Dettmer <steffen@xxxxxxx>
  • Date: Sun, 11 Feb 2001 19:11:58 +0100
  • Message-id: <20010211191158.B3051@xxxxxxxxx>
* Stephan Martin wrote on Sun, Feb 11, 2001 at 15:45 +0100:
> HiHO...
>
> > Is it possible to give some details about the new Yast Online Update
> > for suse 7.1?
>
> Then you can use the YaST2 frontend to connect to the ftp-server. It will
> fetch the "patch-files" and show you the description. Then you can let
> YaST2 install the update. Or you can choose the automated way and YaST2
> will do everything without asking for any decisions.

Are the packages signed? Otherwise this looks like a nice
security hole here, since some DNS Spoofing or similar would
allow an attacker to send trojaned RPMs.

> But it's a really good thing for all the newbies, who are used to click
> buttons :-)

I'm afraid this could cause a wrong feeling of security.
Automatic updates are a problem at all, I had troubles with a lot
of SuSE's RPMs, I believe that around 50% of the updates needed
manual actions. SuSE would need to test the RPMs' contents as much
as possible, otherwise you get that Windows behavior: installing
a ServicePack, and some things will not work and so on, and
nobody knows why. As long as there are problems with the RPMs as
currently I would not use that automatic thing at all. I have to
test any RPM before installing in production.

oki,

Steffen

--
This letter was generated by machine,
it therefore bears neither signature nor seal.
