When I install Fedora from a netinstall image: Given that I initially - check the SHA256 checksum of the Fedora-Server-netinst-x86_64-23.iso file - check the GPG signature of the file which contained the checksum (the Fedora-Server-23-x86_64-CHECKSUM file) Then: How is the authenticity of the rest of the installation sources ensured? I mean: During the installation, the installer in the netinstall image will pull a number of packages from somewhere on the web; how does it insure that the packages pulled are really the unaltered Fedora packages? -- Regards, Troels Arvin -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org