-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Eric Rostetter wrote: > Just an FYI, there have neen numerous updates to the web site > lately, so if you haven't checked it out for a while you might want > to do so now. Very good work to all the folks who've helped create all the content. I have a suggestion that might help defer some questions when people start using yum. This would go on the documentation page for using yum with 7.x[1] Somewhere between Step 1. Install yum and Step 2. Update the packages, there should be instructions to either add the Fedora Legacy and Red Hat RPM GPG keys to root's keyring or to disable the gpgcheck option in yum.conf. Otherwise, the user will get an error when they run yum update and will end up here asking questions or looking elsewhere for their updates. The instructions should be pretty simple, here's a stab at them. I'd put this in Step 1 along with installing yum, unless you web writers feel it should be its own separate step. ====================================================================== Add the GPG keys used to sign packages to root's keyring. These keys are installed with the yum documentation. # gpg --import /usr/share/doc/yum-1.0.3/*GPG-KEY Note: If you've never used gpg before as root, you will need to run the command again so that gpg can read it's newly created options file. You may also want to verify that the GPG fingerprints of these keys match those that are published by each vendor. Red Hat: https://www.redhat.com/security/keys.html Fedora: ??? Fedora Legacy: http://www.fedoralegacy.org/about/security.php ====================================================================== Of these keys, only the Red Hat site has the key fingerprints included on the website. I think that Fedora Legacy should add this info to the page cited above. I'm also curious about the Fedora.us key. It's included in the yum rpm, but AFAIK, none of the packages distributed by Fedora Legacy are signed by the Fedora.us key. Is it worth it to even distribute that key? It might just confuse a new user. Anyone that's looking to also get content from fedora.us should know how to add that key anyway. It is listed right on the fedora.us home page, so it's not hard to locate. Though again, I don't see the key fingerprint on the site. [1] http://www.fedoralegacy.org/docs/yum-rh7x.php - -- Todd OpenPGP -> KeyID: 0xD654075A | URL: www.pobox.com/~tmz/pgp ====================================================================== Eagles may soar, but weasels don't get sucked into jet engines -- Steven Wright -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) Comment: When crypto is outlawed bayl bhgynjf jvyy unir cevinpl. iD8DBQFAGc/Fuv+09NZUB1oRAkz2AJ98hUm93TjlokjbnnF515/2pYKmiwCg3f3Z ikA8Rlu9/F/2cWCP1eWHlIY= =Wu0W -----END PGP SIGNATURE-----
