rpm --import

Ralf Ertzinger fedora-devel at camperquake.de
Fri Jan 7 12:25:25 UTC 2005


Hi.

Jay Turner <jkt at redhat.com> wrote:

> Security.  It's generally a good idea to validate that the key you're
> adding to the keyring is really the one that you think it is, and if
> this keyring addition were done automatically, then someone could switch
> out the keys, thus a malicious key would be automatically added to the
> keyring. Things start to go downhill from that point.

Well, I generally have to trust the media I install from anyway, so what
is the point in treating a single file different from all the others?




More information about the devel mailing list