[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AutoRPM

On Tue, Mar 07, 2000 at 11:52:42PM +0000, David Webster wrote:
> Obviously I'd have to build some sort of package authentication, so
> someone doesn't spoof the machine address and install malicious packages
> on the users computer, but that shouldn't be too hard if I get the program
> to search for the Indy PGP key, rather than the RedHat one.

There was a long discussion of authentication for automatic updating
systems, on the bastille-linux list a month or so back. There were a
very large number of tricky issues that cropped up. (I imagine they
have archives somewhere...)
> Any ideas/comments?

Please transition your security rpm's from cran over to belegost, since
cran doesn't have much space and belegost has lots.
You have a 'cog' account on belegost, I believe. Let me know if things
aren't working.