Announcing Fedora 7 Test 3 (6.92)
Rahul Sundaram
sundaram at fedoraproject.org
Mon Apr 2 05:37:51 UTC 2007
Todd Zullinger wrote:
> One downside of just grabbing the boot.iso and installing is that
> there is no signature for that file (or the others in the images/ dir
> of the Fedora os tree. I asked about this on the devel list last week
> but didn't get much in the way of replies.
With the merge of core and extras, the traffic on fedora-devel is a bit
insane. Guess that's just the pain of growing up. Finding a good
subject is essential. I just looked up your post and it wasn't
particularly clear to me. If you don't attention in the first post might
as well as try again after a few days or file a report if that's a
(potential" bug. Bug reports get assigned to specific folks and ignoring
them is harder.
> It seems to me that starting the OS install from a bootable file that
> cannot be easily verified[1] is a problem that shouldn't exist. All
> of the packages Fedora pushes are gpg signed, as are the full .iso
> images. I've not looked at the anaconda source to see if gpg checking
> is enabled during installation, but I would think (hope) that it would
> (should) be.
>
> Do you see this as a problem Rahul? I think it is and would like to
> see it corrected but I'm not sure where to take it. I may end up
> opening a bug about it some afternoon, just so it doesn't go away
> (assuming there isn't one opened already).
Yep, that's a issue. File a bug report against the "distribution"
component. Jesse Keating or Bill Nottingham should be looking into that.
Rahul
More information about the fedora-list
mailing list