On Tue, 2008-03-04 at 12:23 -0900, Jeff Spaleta wrote: > > What are the signatures you're referring to here? > > I guess I meant signed checksums, using an individual's gpg key (Not > any of the keys the fedora project is using). If people are going to > link to external images, I want to make sure we have some basic > verification available that its the image people are expecting to > find. > Ok, it brings up another point though. We don't currently have a way of verifying that the content in the Live image actually came from signed rpms. Some people may want that, especially if they're going to be built and offered outside the Fedora infrastructure and not signed by Fedora keys. More tools needed I suppose :/ -- Jesse Keating Fedora -- All my bits are free, are yours?
Attachment:
signature.asc
Description: This is a digitally signed message part
_______________________________________________ fedora-advisory-board mailing list fedora-advisory-board@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-advisory-board
