CentOS Bug Tracker
CentOS Bug Tracker

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001046CentOS-4yumpublic2005-10-17 15:462007-07-26 19:49
Reporterherrold 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0001046: false Require for centos-yumconf in yum-2.4.0-1.centos4.noarch
Description
[herrold@centos-4 ~]$ sudo rpm -e centos-yumconf
Password:
error: Failed dependencies:
        yumconf is needed by (installed) yum-2.4.0-1.centos4.noarch
[herrold@centos-4 ~]$

This is clearly NOT Required -- it is perhaps a Suggests: in that it makes the package function, but it is no more required than 'm4' is Required for sendmail-cf

The proper approach is to add it (centos-yumconf) to the list of base packages, to permit it to be installed in a un-skilled user's base installation, avoiding the need for manual intervention configuring an archive. The mature user can then alter the installing ks.cfg to avoid inclusion of centos-yumconf trivially

The presence of the semi-automatic (and unthinking) importation of a non-cryptographically protected key, as that package is presently set up is too dangerous, and vulnerable to a MitM attack and compromise.

eg:

gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4 [^]

This scares me to death
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0005705)
range (administrator)
2007-07-26 19:49

I think this has been fixed in newer versions.

- Issue History
Date Modified Username Field Change
2005-10-17 15:46 herrold New Issue
2005-10-17 15:46 herrold Status new => assigned
2007-07-26 19:49 range Status assigned => resolved
2007-07-26 19:49 range Resolution open => fixed
2007-07-26 19:49 range Note Added: 0005705


Copyright © 2000 - 2014 MantisBT Team
Powered by Mantis Bugtracker