Mike McCarty wrote:
jdow wrote:
If this can be done once in an initial install situation it can be done
again in an update situation using the same mechanism.
One way is to download the stuff from Red Hat's site itself,
and trust that no one has managed to intercept your communications.
Actually you don't need "the stuff" other than the new key, do you? And
the sha1sum (or even sha256sum) of the key and the ISO install image.
Once you have that you can trust the mirrors, because even if someone
can corrupt a mirror it will be detected. And a list of checksums for
all packages released against FC[89] so I can check my archived RPMs
against it.
That should restore the level of trust present for any previous Fedora
release.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
