F19 DVD over size - what to drop?
Lars Seipel
lars.seipel at gmail.com
Mon May 6 00:09:51 UTC 2013
On Sat, May 04, 2013 at 01:03:11AM -0500, Chris Adams wrote:
> However, unless your installer image is signed, checking RPM signatures
> in anaconda is pointless (which is why the feature you mentioned is
> based on Secure Boot). If someone was going to the trouble of changing
> the RPM signatures, they could also change the public keys included in
> anaconda.
Hmm.
- the checksums for netinstall images are signed with a Fedora key
- the corresponding public key is made available through https
- therefore the integrity of installer images can be verified
Obtaining an SSL certificate for fedoraproject.org shouldn't be much
easier than getting your code signed to run under Secure Boot. Not
checking RPM signatures seems to be the weakest link here.
What am i missing?
Lars
More information about the devel
mailing list