web site updates
Jonas Pasche
mail at jonaspasche.de
Fri Jan 30 12:56:03 UTC 2004
Hi Todd,
> Somewhere between Step 1. Install yum and Step 2. Update the packages,
> there should be instructions to either add the Fedora Legacy and Red
> Hat RPM GPG keys to root's keyring or to disable the gpgcheck option
> in yum.conf.
If all packages are signed, I wouldn't suggest turning off a security
feature. Importing the GPG key would be a much better option. Thanks for
that hint!
Eric, what's your opinion - from my point of view the docs suggestion
that Todd has written is already fine and can be published 1:1.
> Of these keys, only the Red Hat site has the key fingerprints included
> on the website. I think that Fedora Legacy should add this info to
> the page cited above.
+1
> I'm also curious about the Fedora.us key. It's included in the yum
> rpm, but AFAIK, none of the packages distributed by Fedora Legacy are
> signed by the Fedora.us key. Is it worth it to even distribute that
> key?
I don't think so. The fedora.us key is only used to sign add-on packages
for 8.0/9/FC1, afaik. As fedora.us has never released any add-on
packages for 7.x, including the key here doesn't make sense.
Jonas
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/fedora-legacy-list/attachments/20040130/060a87e9/attachment.sig>
More information about the fedora-legacy-list
mailing list