2016-12-02 20:15 UTC

View Issue Details Jump to Notes ]
IDProjectCategoryView StatusLast Update
0001046CentOS-4yumpublic2007-07-26 19:49
Reporterherrold 
PrioritynormalSeveritymajorReproducibilityalways
StatusresolvedResolutionfixed 
Product Version 
Target VersionFixed in Version 
Summary0001046: false Require for centos-yumconf in yum-2.4.0-1.centos4.noarch
Description
[herrold@centos-4 ~]$ sudo rpm -e centos-yumconf
Password:
error: Failed dependencies:
        yumconf is needed by (installed) yum-2.4.0-1.centos4.noarch
[herrold@centos-4 ~]$

This is clearly NOT Required -- it is perhaps a Suggests: in that it makes the package function, but it is no more required than 'm4' is Required for sendmail-cf

The proper approach is to add it (centos-yumconf) to the list of base packages, to permit it to be installed in a un-skilled user's base installation, avoiding the need for manual intervention configuring an archive. The mature user can then alter the installing ks.cfg to avoid inclusion of centos-yumconf trivially

The presence of the semi-automatic (and unthinking) importation of a non-cryptographically protected key, as that package is presently set up is too dangerous, and vulnerable to a MitM attack and compromise.

eg:

gpgcheck=1
gpgkey=http://mirror.centos.org/centos/RPM-GPG-KEY-centos4

This scares me to death
TagsNo tags attached.
Attached Files

-Relationships
+Relationships

-Notes

~0005705

range (administrator)

I think this has been fixed in newer versions.
+Notes

-Issue History
Date Modified Username Field Change
2005-10-17 15:46 herrold New Issue
2005-10-17 15:46 herrold Status new => assigned
2007-07-26 19:49 range Status assigned => resolved
2007-07-26 19:49 range Resolution open => fixed
2007-07-26 19:49 range Note Added: 0005705
+Issue History