Hi. On Mon, 10 Mar 2008 09:20:08 -0800, Jeff Spaleta wrote > Any way you can have this tool also test the key signatures of > packages in the iso? > This came up in fab concerning hosting externally built isos as part > of a tiered collection of spins. Is it possible for your tool, or a > related tool that you can build this week, to verify that the livecd > contents come from packages signed by the Fedora key (or a specific > group of keys)? What do you gain by doing that? Unless you turn every bit on the iso around you can not be sure that the packages are not tampered with after installation. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
