new isos?
Ralf Corsepius
rc040203 at freenet.de
Wed Sep 10 02:04:27 UTC 2008
On Tue, 2008-09-09 at 19:56 +0530, Rahul Sundaram wrote:
> Frode Petersen wrote:
> > I can't remember having seen them mentioned in the info about the
> > ongoing repackaging, so just to get it confirmed: Will the isos also be
> > repackaged with new keys (inside the image, if relevant, and for the
> > download)?
>
> No. This was mentioned in one of the announcements.
=> Anybody installing Fedora from iso will have the "seemingly
compromised gpg key" installed in his rpm-database.
=> There will be a time-window during which such systems will be
receptive to compromised packages.
This window could have been avoided by using a new gpg-key.
Of cause, this actually does change much, because if the gpg-key should
have been compromised, all existing installations of FC8/9 currently are
receptive to such compromised packages.
Ralf
More information about the fedora-list
mailing list