> How? Would it make you feel better if the fake updates had installed a > signature first? Or told you that you had to install a new key from the > fake site? The ONLY thing that signatures tell you is that the RPM has > been signed with a particular key, that's it. An rpm signed by Red Hat tells me that Red Hat signed it. No signature == no install. Many of the releases in Rawhide are not signed, why not? > The only thing that was shown is that there are potentially people that > will blindly follow directions from any random e-mail they recieve. > > (I leave to others to explain the difference between "Fedora Core" RPMs > (that are signed) and "Rawhide" RPMs (which may or may not be signed).) > > -- > William Hooper > > --