PackageKit Misconceptions

Jesse Keating jkeating at
Wed Aug 22 18:12:59 UTC 2007

On Wed, 22 Aug 2007 13:53:40 -0400
David Zeuthen <davidz at> wrote:

> Assume that Alice gets Fedora from Mallory's mirror. What prevents
> Mallory from patching the rpm and yum programs that end up on Alice's
> system to avoid honoring the keys that we, painfully, make her import?

I honestly don't have an answer for this.  They could.  Should we then
just throw out any and all verification utilities?  That would make
life easier.

Jesse Keating
Fedora -- All my bits are free, are yours?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : 

More information about the desktop mailing list