Security of netinstall?
Matthew Miller
mattdm at fedoraproject.org
Thu Mar 24 22:23:36 UTC 2016
On Wed, Mar 23, 2016 at 08:43:36PM +0000, Troels Arvin wrote:
> When I install Fedora from a netinstall image:
> Given that I initially
> - check the SHA256 checksum of the Fedora-Server-netinst-x86_64-23.iso
> file
> - check the GPG signature of the file which contained the checksum
> (the Fedora-Server-23-x86_64-CHECKSUM file)
> Then:
> How is the authenticity of the rest of the installation sources ensured?
> I mean: During the installation, the installer in the netinstall image
> will pull a number of packages from somewhere on the web; how does it
> insure that the packages pulled are really the unaltered Fedora packages?
Check this out for some reassurance:
https://bugzilla.redhat.com/show_bug.cgi?id=998#c54
--
Matthew Miller
<mattdm at fedoraproject.org>
Fedora Project Leader
More information about the users
mailing list