another upgrade, another disaster

Adam Williamson awilliam at redhat.com
Mon Jun 4 17:03:57 UTC 2012


On Sun, 2012-06-03 at 19:56 +0200, Björn Persson wrote:

> I also won't install anything that I haven't checked the PGP signature on. 
> That excludes netinst.iso and Preupgrade, and if I use Anaconda I have to be 
> careful to not let it download anything.

The checksums of the images themselves are signed, and the images are
built by the same team that controls the process for signing individual
packages, using a process by which only packages from the Fedora build
system could possibly be included.

You can't logically claim to trust the individual packages but not trust
the signatures on the DVD/netinst images. They are precisely equally
trustworthy.
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net


