Bug 149340 - Network queries for rpm signatures are a privacy risk, and a performance problem
Summary: Network queries for rpm signatures are a privacy risk, and a performance problem
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact: Mike McLean
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2005-02-22 16:27 UTC by John Ellson
Modified: 2007-11-30 22:11 UTC (History)
1 user (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2005-02-22 20:48:58 UTC
Type: ---
Embargoed:


Attachments (Terms of Use)

Description John Ellson 2005-02-22 16:27:04 UTC
Description of problem:
Network queries for rpm signatures are a privacy risk since they can
inform an unknown third party of packages on your system.

Also, the performance of "rpm -qa" and "rpm -e" now truly sucks unless
"--nosignature" is added.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1. rpm -qa
2. rpm -qa --nosignature
3.
  
Actual results:
ellson@ellson:~> time rpm -qa >/dev/null 
real    0m8.257s
user    0m3.148s
sys     0m0.834s
ellson@ellson:~> time rpm -qa --nosignature >/dev/null 
real    0m3.793s
user    0m3.001s
sys     0m0.707s


Expected results:
rpm needs explicit user permission before making any network access

Additional info:

Comment 1 Jeff Johnson 2005-02-22 20:48:58 UTC
You have the following choices for the privacy issue,
change your configuration to satisfy your needs:

1) rpm --import all pubkeys used to sign packages.

2) disable the mechanism by adding to ~/.rpmmacros or /etc/rpm/macros
(create if not already there):
    %_hkp_keyserver %{nil}
Add a differenet, possibly local, hkp server there if you want.

Yes, a network timeout during rpm -qa is pathetically slow. You
have the following choice (in addition to the aformentioned)

3) Disable signature verification during queries by adding to
~/.rpmmacros or /etc/rpm/macros:
    %_vsflags_query        -1

In addition, since rpm needs to choose one default value
for distribution, feel free to bring me consensus on
what that default should be. What is in rpm-4.1.1-1
is what I believe is Right for the majority of FC4 users,
but I make no claim at prescience or Godliness, I'm perfectly
willing to change rpm configuration as needed.
     


Note You need to log in before you can comment on or make changes to this bug.