Definitely should have used https instead of http at least. Other than that
is it pretty common and not really different than click downloading a *.bin
install file and running it with bash (I think Oracle Java still does this)
Having public keys you download from an https site at a clear dell URL that
you install by hand and then only install rpms with yum is a tad better. But
pre and post scripts in RPMs can run anything they want via bash. Ultimately
it still comes down to trusting Dell and the integrity of Dell's website
certificate
On Wed, 27 Jun 2018 10:02am, John Hodrien wrote:
On Wed, 27 Jun 2018, [email protected] wrote:
Hi All,
We have updated the Linux repository with SHA 512 public key. Please re-run
repository setup command (curl
-s http://linux.dell.com/repo/hardware/dsu/bootstrap.cgi | bash) to import
the updated signature keys. Please let us know if you face any challenges.
Can someone from Dell maintain a straight face whilst saying that piping the
output of an http URL into a root bash process is a sensible thing to do?
jh
The information in this e-mail is intended only for the person to whom it is
addressed. If you believe this e-mail was sent to you in error and the e-mail
contains patient information, please contact the Partners Compliance HelpLine at
http://www.partners.org/complianceline . If the e-mail was sent to you in error
but does not contain patient information, please contact the sender and properly
dispose of the e-mail.
_______________________________________________
Linux-PowerEdge mailing list
[email protected]
https://lists.us.dell.com/mailman/listinfo/linux-poweredge
