F19 DVD over size - what to drop?

Chris Adams cmadams at hiwaay.net
Mon May 6 00:31:12 UTC 2013


Once upon a time, Lars Seipel <lars.seipel at gmail.com> said:
> - the checksums for netinstall images are signed with a Fedora key
> - the corresponding public key is made available through https
> - therefore the integrity of installer images can be verified

That's only verifiable after the fact (when you want to use the
installer) if you burn to CD/DVD (which I believe is less common these
days).  If you put it on a USB stick with something like
livecd-iso-to-disk it gets changed.

That also doesn't protect against malicious updates.img from the install
server.

In any case, I was talking about validation _during_ install, not prior
to install.  How many people compare the ISO checksum and the signature
on the checksum file?  AFAIK there is no automated tool to do that, so
it is a bunch of manual steps.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
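
The manual steps mentioned in the message above (check the signature on the checksum file, then compare the ISO's hash against it), scripted as an added example that is not part of the original message or any Fedora tool. It assumes gpgv 2.1.16 or later (for --output) and sha256sum; the function names and file paths are hypothetical, and it covers only the pre-install check, not updates.img or an image rewritten for USB.

```shell
#!/bin/sh
# Added example: signature check on CHECKSUM, then hash check on the ISO.
# Assumptions: gpgv >= 2.1.16 and sha256sum installed; all names hypothetical.

# Step 1: verify the clearsigned CHECKSUM file against a keyring holding only
# the Fedora public key, and write the signed payload to $3. Give the keyring
# as a path containing a slash, or gpgv looks for it in its home directory.
verified_payload() {
    keyring=$1; checksum_file=$2; out=$3
    gpgv --keyring "$keyring" --output "$out" "$checksum_file"
}

# Step 2: find the ISO's name in the verified payload and compare hashes.
# Accepts "<hash> *<name>" and "SHA256 (<name>) = <hash>" line styles.
# Returns 0 on match, 1 on mismatch, 2 if the ISO is not listed (fail closed).
iso_matches() {
    payload=$1; iso=$2
    name=$(basename "$iso")
    expected=$(awk -v n="$name" '
        $1 == "SHA256" && $2 == "(" n ")" { print $4; exit }
        $2 == n || $2 == "*" n            { print $1; exit }' "$payload")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum "$iso" | awk '{ print $1 }')
    [ "$expected" = "$actual" ]
}

# Both steps together. Hashes are read only from the payload gpgv verified,
# never from the raw CHECKSUM file, so unsigned lines are ignored.
verify_iso() {
    keyring=$1; checksum_file=$2; iso=$3
    tmp=$(mktemp -d) || return 1
    if verified_payload "$keyring" "$checksum_file" "$tmp/payload" &&
       iso_matches "$tmp/payload" "$iso"; then
        rc=0
    else
        rc=1
    fi
    rm -rf "$tmp"
    return $rc
}

# Usage (placeholder paths):
#   verify_iso ./fedora.gpg ./CHECKSUM ./netinst.iso && echo "ISO verified"
```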

