Matias Féliciano said: > Le mardi 26 octobre 2004 à 08:25 -0400, William Hooper a écrit : > >> nodata said: >>> A recent scam involving fake updates to Fedora has highlighted the >>> lack of signed RPMs for Fedora Core. >> >> How? Would it make you feel better if the fake updates had installed a >> signature first? > > Impossible. gpg check is done _before_ installing the package. Very possible. The fake updates weren't directly an RPM, the instructions had you run a shell script. -- William Hooper