Le Jeu 10 janvier 2013 20:41, Adam Jackson a écrit : > For the same reason Firefox doesn't automatically accept self-signed SSL > certs, and the same reason that ssh doesn't automatically accept new > host keys: it'd be creating trust from thin air. Checking packages are signed by the same key as the installer when yum happily trawls half the internet to find mirrors managed by god knows who is not thin air security. Right now the only thing that could make our installation process more laughably insecure is lapping an 'own me' label on one of anaconda's install screens. Sure checking signature would not be perfect security, but your argument is akin to removing airbags from cars that do not have an abs to 'avoid creating a false sense of security' -- Nicolas Mailhot -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
