Some people have raised some security concerns in RPM Fusion (and Fedora).
So one improvement we have currently settle for f25 and later is
support for metalink over https in RPM Fusion mirror manager and the
default rpmfusion-{,non}free-release clients.
Packages for f25 are in koji:
http://koji.rpmfusion.org/koji/buildinfo?buildID=2452
http://koji.rpmfusion.org/koji/buildinfo?buildID=2454
I will push them soon.
This will have two benefits:
- clients to mirror manager communication can be sealed with https
- mirror manager will only provide mirrors with fresh content.
more background:
http://lists.rpmfusion.org/pipermail/rpmfusion-developers/2016-September/...
https://bugzilla.rpmfusion.org/show_bug.cgi?id=4269
Basically , this will make the situation in sync with fedora on this
particular topic.
(and better than what is currently done in the CentOS Project).
There are still security improvements to have in RPM Fusion.
If you think about something and it's not in our bugzilla, it's time
to create a report.
(no report, no improvement)
Thx
--
-
Nicolas (kwizart)