Loading...

XML

Word

Printable

JSON

Type: Bug
Resolution: Won't Fix
Priority: Major - P3
Fix Version/s: 01112017-cleanup
Affects Version/s: None
Component/s: None
Labels:
- collector-298ba4e7
Environment:

Hide

*Location*: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat/
*User-Agent*: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36
*Screen Resolution*: 1920 x 1080
*repo*: docs
*source*: tutorial/install-mongodb-on-red-hat

Show
*Location*: https://docs.mongodb.org/manual/tutorial/install-mongodb-on-red-hat/ *User-Agent*: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.132 Safari/537.36 *Screen Resolution*: 1920 x 1080 *repo*: docs *source*: tutorial/install-mongodb-on-red-hat

The official MongoDB guide suggests that I add a `.repo` with `gpgcheck=0` over HTTP protocol. I'm getting the feeling that this is a very insecure setup - I am worried about exposing myself to MiTM attacks this way everytime I try to update my system within an untrusted network. Is this actually possible or are there any security mechanisms that I'm not aware of that would protect me from that? If not, is there any way to make this `.repo` setup more secure without relying on my OS's old packages or compiling the program from scratch?

Assignee:: Kay Kim (Inactive)

Reporter:: Docs Collector User (Inactive)

Participants:: Docs Collector User, Kay Kim

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Created:: Oct 03 2015 01:02:29 PM UTC

Updated:: Nov 03 2017 11:18:17 AM UTC

Resolved:: Jul 27 2016 09:42:48 PM UTC

Days since reply:: 7 years, 40 weeks ago

Details

Description

Attachments

Activity

People

Dates