PackageKit Misconceptions
Jesse Keating
jkeating at redhat.com
Wed Aug 22 18:12:59 UTC 2007
On Wed, 22 Aug 2007 13:53:40 -0400
David Zeuthen <davidz at redhat.com> wrote:
> Assume that Alice gets Fedora from Mallory's mirror. What prevents
> Mallory from patching the rpm and yum programs that end up on Alice's
> system to avoid honoring the keys that we, painfully, make her import?
I honestly don't have an answer for this. They could. Should we then
just throw out any and all verification utilities? That would make
life easier.
--
Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/desktop/attachments/20070822/9cf4935e/attachment.bin
More information about the desktop
mailing list