Adam Williamson wrote: > On Sun, 2012-06-03 at 19:56 +0200, Björn Persson wrote: > > I also won't install anything that I haven't checked the PGP signature > > on. That excludes netinst.iso and Preupgrade, and if I use Anaconda I > > have to be careful to not let it download anything. > > The checksums of the images themselves are signed, and the images are > built by the same team that controls the process for signing individual > packages, using a process by which only packages from the Fedora build > system could possibly be included. > > You can't logically claim to trust the individual packages but not trust > the signatures on the DVD/netinst images. They are precisely equally > trustworthy. Once I have verified the signature on an ISO image I trust the packages and other software that is included in that image. If that software downloads more packages off the Net, then I don't trust those packages unless the signatures on those packages are being verified. Anaconda doesn't verify package signatures (bug 998), so I don't trust Anaconda to download packages. Preupgrade also didn't verify any signatures last time I checked, so I don't trust Preupgrade. Yum, on the other hand, does verify the package signatures, so I trust Yum. (I always check that all repositories that are configured with "enabled=1" also have "gpgcheck=1". I really hope Yum doesn't ignore that setting.) So the available options are: · netinst.iso: downloads packages and installs them unverified ⇒ unacceptable · DVD with the updates repository enabled: downloads packages and installs them unverified ⇒ unacceptable · DVD without the updates repository: installs only packages included in the DVD image, which I verified ⇒ OK (at least from a security point of view) · Yum: downloads packages, verifies them, and then installs them ⇒ OK · Preupgrade: downloads a kernel, a ramdisk and packages, and installs them unverified ⇒ unacceptable Björn Persson
Attachment:
signature.asc
Description: This is a digitally signed message part.
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
