jspaleta at gmail.com
Wed Aug 22 21:13:38 UTC 2007
On 8/22/07, David Zeuthen <davidz at redhat.com> wrote:
> Assume that Alice gets Fedora from Mallory's mirror. What prevents
> Mallory from patching the rpm and yum programs that end up on Alice's
> system to avoid honoring the keys that we, painfully, make her import?
would signing our mirror metadata help?
would importing the provided keys at install time help?
(We have to assume the install media is trusted)
More information about the desktop