#antipov

anonymiss@despora.de

Major #Linux #RPM #problem uncovered

Source: https://www.zdnet.com/article/major-linux-rpm-problem-uncovered/

Why? Because RPM had never properly checked revoked certificate key handling. Specifically, as Linux and lead RPM developer Panu Matilainen explained: "Revocation is one of the many unimplemented things in rpm's #OpenPGP support. In other words, you're not seeing a bug as such; it's just not implemented at all, much like expiration is not."

This is a bad #security #vulnerability but with open source you have the chance to find it and better late than never. You can't say this often enough: "Open source can increase your security but someone with experience has to do a #codereview. If no one checked the code then everything is possible :(

#update #installation #software #opensource #floss #foss #centos #bug #certificate #patch #antipov #suse #redhat #enterprise #signature #fail