another upgrade, another disaster

Adam Williamson awilliam at
Mon Jun 4 17:03:57 UTC 2012

On Sun, 2012-06-03 at 19:56 +0200, Björn Persson wrote:

> I also won't install anything that I haven't checked the PGP signature on. 
> That excludes netinst.iso and Preupgrade, and if I use Anaconda I have to be 
> careful to not let it download anything.

The checksums of the images themselves are signed, and the images are
built by the same team that controls the process for signing individual
packages, using a process by which only packages from the Fedora build
system could possibly be included.

You can't logically claim to trust the individual packages but not trust
the signatures on the DVD/netinst images. They are precisely equally
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | adamwfedora

More information about the devel mailing list