Hi Todd, > Somewhere between Step 1. Install yum and Step 2. Update the packages, > there should be instructions to either add the Fedora Legacy and Red > Hat RPM GPG keys to root's keyring or to disable the gpgcheck option > in yum.conf. If all packages are signed, I wouldn't suggest turning off a security feature. Importing the GPG key would be a much better option. Thanks for that hint! Eric, what's your opinion - from my point of view the docs suggestion that Todd has written is already fine and can be published 1:1. > Of these keys, only the Red Hat site has the key fingerprints included > on the website. I think that Fedora Legacy should add this info to > the page cited above. +1 > I'm also curious about the Fedora.us key. It's included in the yum > rpm, but AFAIK, none of the packages distributed by Fedora Legacy are > signed by the Fedora.us key. Is it worth it to even distribute that > key? I don't think so. The fedora.us key is only used to sign add-on packages for 8.0/9/FC1, afaik. As fedora.us has never released any add-on packages for 7.x, including the key here doesn't make sense. Jonas
Attachment:
signature.asc
Description: This is a digitally signed message part