Last night and this morning, I ran Fedora 18-Alpha-TC3 netinst.iso (x86_64) burned to DVD, and met the bug https://bugzilla.redhat.com/show_bug.cgi?id=849211 . About 40 minutes ago, I re-ran the DVD but the bug had been fixed. I never explicitly approved any Fedora 18 package signing key. I believe that none (zero) of the current "Fedora 18" [rawhide] packages have been signed. The download files from directory link http://dl.fedoraproject.org/pub/alt/stage/18-Alpha-TC3/Fedora/x86_64/iso/ are not accessed by the secure protocol https:// . There is a *-CHECKSUM given, but it is not signed, either. The fix for the bug 849211 was automatically downloaded and installed, insecurely. That's just a short step away from a 0-day exploit in the installer. -- _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
