questions about installing fedora via http

Tim ignored_mailbox at yahoo.com.au
Mon Apr 30 07:06:34 UTC 2007


On Sun, 2007-04-29 at 12:01 +0300, Angelin Lalev wrote:
> I have some questions about installing fedora via http. 
> 
> 1. After the installation do I still need to use 'yum' to upgrade
> packages as I will need if I install it from CDROM?

I can't remember the answer to that one.  I don't think so, but I'm not
sure.  It was quite some time ago I I did that.

Have a look at the install script, and see if it specifically only uses
the core and extras repos, ignoring the updates ones.

> 2. How secure is installing via http and updating with yum against
> man-in-the-middle attacks? 

All the packages should be signed, with keys you can get from an
official source.  It ought to be safe from that sort of thing (bogus
package replacement), but I can imagine a problem where unsigned
packages get inserted (they wouldn't get checked).

-- 
(This box runs FC6, my others run FC4 & FC5, in case that's
 important to the thread.)

Don't send private replies to my address, the mailbox is ignored.
I read messages from the public lists.





More information about the users mailing list