 |
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
|
Home
| Calendar
| Mail Lists
| List Archives
| Desktop SIG
| Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Matthew Valites wrote: | I'm not really sure why turning off gpg signatures on up2date would | compromise... ...either way, that's why I offered | the suggestions of using yum (a much better solution as stated by the RH | people) or what files to check with the up2date stuff... hi, there seems to be an issue with trying to use more than one solution on the same box, here's a snip i got in the mail, "Either one works well, and they do about the same thing. I think apt is a bit easier to use when installing new packages and resolving dependencies, but yum.up2date is the supported tool. Just don't run both. (At different times, of course!) I found myself in the situation where up2date choked because apt installed a higher level of a package than was available via up2date. It said the package had to be updated, but failed because the installed version was at a higher level than the "required" version." also, concerning what you said about turning off gpg, after thinking about it some more, you're right and i was wrong. here's another snip from www.securityfocus.com, "For an attacker to make use of this flaw, they would have to make unsigned packages appear on the Red Hat Network. Connections to the Red Hat Network servers are authenticated and verified by the use of SSL, so it is not possible to intercept the connection to Red Hat Network servers and give unsigned packages. To make use of this flaw, an attacker would have to compromise the Red Hat Network servers at Red Hat. Because of these factors, the risk of exploiting this bug is low." they are talking about the change of gpg sig that happened a little while back. there's easier ways to get root huh? hey to the gentleman who started this conversation, any luck on getting your up2date fixed? - -- loki_the_doppelganger http://home.comcast.net/~235u/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/vD4zMb0VvwEIaEsRAuRGAJ9Kb4ZAU/4iu75ry8m4Pu+6E2VekQCcCo3D 29Gz3QAZS9VoOaVmvB+HHZk= =JMjR -----END PGP SIGNATURE-----
 |
|
| BLU is a member of BostonUserGroups | |
| We also thank MIT for the use of their facilities. | |
