> Is it possible to have Kickstart verify digital signatures on RPMs > during the installation process? > > We want to have a kickstart server that serves several different network > tiers, however, our security team is concerned that if an attacker were > to get onto the system, they could replace some of the RPM's with his > own and each time a new system was kickstarted, would have the bogus > RPM. Nope. See the very old bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=998 - Chris
