Hello, (CC to Marcus in case he's not subscribed here - he pointed out this issue some time ago) Since SUSE Linux 10.1, the repo metadata is GPG-signed so that nobody can inject evil packages (like glibc from 9.1, which is a well-signed package from SUSE ;-) There's still a hole left: It's impossible to check for replay attacks where an attacker provides an outdated version of the update repository, leaving some security holes unfixed. (Or there's just an outdated mirror, same effect...) IMHO this could be solved by adding an expiration date to the repos. The distribution repos could have a TTL of two years, the update repos and Factory maybe one or two weeks. YaST and other tools could then warn the user if "outdated" repos are used. Pros: - replay attacks with outdated update repos are impossible (at least if "outdated" means longer than some days) - outdated mirrors can be identified quickly (the users will complain ;-) - the end of lifetime of a distribution could be "announced" this way - users will instantly notice if their computer's date setting is wrong ;-)) Cons: - there's still a small timeframe between release of the fix and the expiration of the previous update repo version - if no updates are released for some days, you'll have to change the expiration date What do you think about this idea? Regards, Christian Boltz --
Ist das sone Art wie cat sigdatei | grep suchstring? Oh nein - nicht schon wieder! Hilfeeee, Doktor! Ich sehe schon wieder so einen unnötigen cat ;-) [> Michael Raab und Jan Trippler in suse-linux] -- To unsubscribe, e-mail: opensuse-softwaremgmt+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-softwaremgmt+help@opensuse.org