Should Fedora rpms be signed?
whooperhsd3 at earthlink.net
Tue Oct 26 12:25:39 UTC 2004
> A recent scam involving fake updates to Fedora has highlighted the lack
> of signed RPMs for Fedora Core.
How? Would it make you feel better if the fake updates had installed a
signature first? Or told you that you had to install a new key from the
fake site? The ONLY thing that signatures tell you is that the RPM has
been signed with a particular key, that's it.
The only thing that was shown is that there are potentially people that
will blindly follow directions from any random e-mail they recieve.
(I leave to others to explain the difference between "Fedora Core" RPMs
(that are signed) and "Rawhide" RPMs (which may or may not be signed).)
More information about the test