[Rpm-maint] [rpm-software-management/rpm] Make the rpmdb keyring type macro-configurable (#1575)

Vitalio notifications at github.com
Sun Sep 19 04:27:25 UTC 2021


> The fs keyring behavior has potential security problems as it allows any
> package to drop in files at the keyring path, instantly becoming trusted
> keys.

In ALT we are considering using the fs keyring feature. Can you explain how adding a file is different in security than adding a key into rpmdb by any package?

Theoretically, fs keys (in the future) could be protected by fsverity or IMA, while rpmdb could not.

> The other issue is that the on-disk and rpmdb variants don't play well
> together, in fact they don't play together at all.

Can you also elaborate on this? Thanks much in advance!


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/pull/1575#issuecomment-922413477