Description of problem:
Network queries for rpm signatures are a privacy risk since they can inform an unknown third party of packages on your system. Also, the performance of "rpm -qa" and "rpm -e" now truly sucks unless "--nosignature" is added.

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. rpm -qa
2. rpm -qa --nosignature
3.

Actual results:
ellson@ellson:~> time rpm -qa >/dev/null
real 0m8.257s
user 0m3.148s
sys 0m0.834s
ellson@ellson:~> time rpm -qa --nosignature >/dev/null
real 0m3.793s
user 0m3.001s
sys 0m0.707s

Expected results:
rpm needs explicit user permission before making any network access

Additional info:
You have the following choices for the privacy issue; change your configuration to satisfy your needs:

1) rpm --import all pubkeys used to sign packages.

2) Disable the mechanism by adding to ~/.rpmmacros or /etc/rpm/macros (create if not already there):

    %_hkp_keyserver %{nil}

Add a different, possibly local, hkp server there if you want.

Yes, a network timeout during rpm -qa is pathetically slow. You have the following choice (in addition to the aforementioned):

3) Disable signature verification during queries by adding to ~/.rpmmacros or /etc/rpm/macros:

    %_vsflags_query -1

In addition, since rpm needs to choose one default value for distribution, feel free to bring me consensus on what that default should be. What is in rpm-4.1.1-1 is what I believe is Right for the majority of FC4 users, but I make no claim at prescience or Godliness. I'm perfectly willing to change rpm configuration as needed.
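An added example, not part of the bug report or of rpm: a shell check that reads macro files in the order given and reports which `%_hkp_keyserver` and `%_vsflags_query` settings from the reply above win. It assumes a file read later overrides one read earlier and that each macro sits on one line; the function names, file names and the keyserver value are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit rpm macro files for the two settings named in the reply.
# Assumption: files are passed in load order and the last definition wins.

# effective_macro NAME FILE... -> body of the last "%NAME ..." line, or "<unset>"
effective_macro() {
    name=$1; shift
    for f in "$@"; do
        if [ -r "$f" ]; then cat "$f"; fi      # unreadable/missing files are skipped
    done | awk -v m="%$name" '
        $1 == m {
            sub(/^[ \t]*[^ \t]+[ \t]*/, "")    # drop the macro name, keep its body
            sub(/[ \t]+$/, "")                 # drop trailing whitespace
            val = $0; found = 1
        }
        END { if (found) print val; else print "<unset>" }'
}

# keyserver_status FILE... -> "disabled", "default" (not overridden) or "custom:<value>"
keyserver_status() {
    v=$(effective_macro _hkp_keyserver "$@")
    case $v in
        '<unset>') echo "default" ;;
        '%{nil}')  echo "disabled" ;;
        *)         echo "custom:$v" ;;
    esac
}

# Demo on constructed files standing in for /etc/rpm/macros and ~/.rpmmacros.
demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '# constructed system-wide file' \
        '%_hkp_keyserver hkp://keys.example.invalid' > "$d/etc_macros"
    printf '%s\n' '# constructed per-user file' \
        '%_hkp_keyserver %{nil}' '%_vsflags_query -1' > "$d/user_macros"
    echo "system file only : $(keyserver_status "$d/etc_macros")"
    echo "system + user    : $(keyserver_status "$d/etc_macros" "$d/user_macros")"
    echo "_vsflags_query   : $(effective_macro _vsflags_query "$d/etc_macros" "$d/user_macros")"
    rm -rf "$d"
}
demo
```

On a real host, pass `/etc/rpm/macros` and `~/.rpmmacros` in that order; "default" means neither file overrides the value shipped with the package.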