Security of netinstall?
Troels Arvin
troels at arvin.dk
Wed Mar 23 20:43:36 UTC 2016
When I install Fedora from a netinstall image:
Given that I initially
- check the SHA256 checksum of the Fedora-Server-netinst-x86_64-23.iso
file
- check the GPG signature of the file which contained the checksum
(the Fedora-Server-23-x86_64-CHECKSUM file)
Then:
How is the authenticity of the rest of the installation sources ensured?
I mean: During the installation, the installer in the netinstall image
will pull a number of packages from somewhere on the web; how does it
insure that the packages pulled are really the unaltered Fedora packages?
--
Regards,
Troels Arvin
More information about the users
mailing list