On Sun, 2012-06-03 at 19:56 +0200, Björn Persson wrote:

> I also won't install anything that I haven't checked the PGP signature on.
> That excludes netinst.iso and Preupgrade, and if I use Anaconda I have to be
> careful to not let it download anything.

The checksums of the images themselves are signed, and the images are built by the same team that controls the process for signing individual packages, using a process by which only packages from the Fedora build system could possibly be included. You can't logically claim to trust the individual packages but not trust the signatures on the DVD/netinst images. They are precisely equally trustworthy.

--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel