Summary: FTP/NFS install/upgrade is unsafe, should check GPG signatures.

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998

bugzilla@xxxxxxxxxx changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Severity|security                    |normal
           Keywords|                            |Security

------- Additional Comments From samuel@xxxxxxxxxxx 2006-04-24 04:13 EST -------
It just hit me that multiple repositories aren't that big of a problem -- that's what the web of trust is for. Red Hat can have a repository signing key that signs the keys used in 'trusted' repositories. This would not give automatic trust to those repositories, but people could, at least, be able to trust those second/third level keys with some level of knowledge that they are, at least, not using completely anonymous keys.