F19 DVD over size - what to drop?

[Mike Pinkerton]

On 4 May 2013, at 02:03, Chris Adams wrote:

> Creating a complete chain of trust is hard.


Sure, creating a complete chain of trust is hard, but the closest  
thing we have to it today is downloading an iso and verifying its  
checksum -- and trusting that (a) the release team verified the keys  
on the iso image, and (b) the checksum file hasn't been been tampered  
with.

The keys on that iso are the ones that yum will use to check package  
signatures on updates.  Why they are not used to check the signatures  
on packages anaconda installs is beyond me.  It might be imperfect  
security, but it seems much more reasonable than abandoning signature  
checking altogether on a netinstall.


>> The repo works fine for yum after installation.
>
> Is it a mirror of the "Fedora" or "Everything" directory?  I haven't
> checked in a bit, but at one point there was some difference  
> between the
> two related to the comps file (which defines the groups displayed in
> anaconda).  yum would work fine without the comps file (except for
> groupinstall and such).


We have internal mirrors of Fedora, Everything and Updates.  I tried  
to use "Fedora" but will experiment with both it and "Everything" today.


>> Have you tried doing a netinstall from a specific mirror that you
>> specified in the source spoke of anaconda rather than using the pre-
>> configured repo?  Did it work?
>
> Yes.  I operate a mirror server, and then I also have a couple of
> private mirrors hanging off of it I use for my stuff (one at the  
> office
> and one at home).


The problem I'm going to have in testing the F19 TC is that, for  
bandwidth reasons, our internal repo only mirrors the current version  
and arch that we use -- F18 on x86_64 at the moment.  So I'll just  
have to pick a handful of external mirrors and try them.

-- 
Mike