oss-sec mailing list archives
Re: PostgreSQL insecure install via yum (multiple problems)
From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 19 Aug 2013 22:13:51 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 08/19/2013 07:04 PM, Landon Hurley wrote:
Kurt Seifried <kseifried () redhat com> wrote:Problem:So I wanted to install PostgreSQL 9.2 to test something. So I google "postgresql 9.2 rpm" and get sent to:http://yum.postgresql.org/repopackages.phpwhich is not available by HTTPS at all. Not ideal but ok, I download it over HTTP because I can check the signature on the file right?Wrong, I can't find the key anywhere. I try pgp.mit.edu, I even google site:postgresql.org 442df0f8 and all you get are archived emails with the warning that the signature can't be checked. No copy of the key.Kurt, pgp.mit.edu is deprecated. I recommend searching 0x442df0f8 on pool.sks-keyservers.net which does return a key. landon
Weird, I must have typo'ed it, in any event it returns a key with that value and no signatures. No idea if it's legitimate or not. I can check it against an RPM I downloaded over HTTP which sort of ends me back up square one. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) iQIcBAEBAgAGBQJSEuz/AAoJEBYNRVNeJnmT3UYP/j3UkEnVw+Yp2VT1N7HbVgzv p/P3ZoFCOxyv801RmkbhGTgvFXwAYewKvFzEKh55xiCCuoKTarbyeO84SpsEkxV7 WQizj0pwPBTnCQFDEcAkG1tiPYXiyMXb24QcpRivox7XlrAFyzqE8KNiYxNaWngi ZznFQpenSJgWBpI/F8VqLntOi62Y/DPjJ2yGX0ZHrA/HvG0s7ov5CTr35l4IBYjc J3lCu4mLonbagpFZHWPUMqWQtQvfE02EhfRCOHuU13u9ugrXE755pHQ7/9pTW9wg GAEcNpNC2m4aXpiQfxYga2MI6oELED8Kg56vIwxsdpc6WT6JgqsqdczxG4C6Ooqc 9HxDIke0Y8umXa4WtfAtLneDL2HI9fU5cGYq4ZCs46+rLFr5I552vHzybyjAcQkN 5UjZJsGPTh9x48aY9WADtWE30AS5XGIecIn4Nec27TKxpY0jc4lUsTbepG0aitRn 44Q7LX2moAn3cCWoy0hPFZZMdUcAxSJDdUnSRGQhxKwfYhCxJ8YhQpRZ0Z3sKOac nGh1wEa1VUDBiUrmTiyv9VS/3Hemjh1rL9TgbfBYYpBtCFLo6UmWZssyJMlumf35 4LqzoOEUeLLScTHMclDwHtm33iNCAsO/a/zwJMN1IzyYGaJRreHWcYReIx9/yVP3 iuQmwEOYYTr/5BVMww5C =d7so -----END PGP SIGNATURE-----
Current thread:
- PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Landon Hurley (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Eric H. Christensen (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kevin Fenzi (Aug 19)
- Re: [pgsql-security] Re: [oss-security] PostgreSQL insecure install via yum (multiple problems) Magnus Hagander (Aug 20)
- Re: PostgreSQL insecure install via yum (multiple problems) Daniel Kahn Gillmor (Aug 20)
- Re: PostgreSQL insecure install via yum (multiple problems) Moritz Naumann (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Kurt Seifried (Aug 19)
- Re: PostgreSQL insecure install via yum (multiple problems) Landon Hurley (Aug 19)