Do you trust the source of the packages?

brian fedora at logi.ca
Wed Jul 15 18:03:36 UTC 2009


I just tried to run software update again and got the following msg:

-- snip --
Do you trust the source of the packages?

Repository name: updates
Signature URL: /etc/pki/rpm/-gpg/RPM-GPG-KEY-fedora-i386
Signature user identifier: Fedora(11) <fedora at fedoraproject.org>
Signature identifier: D22E77F2
Package: xfsprogs-3.0.1-6.fc11

Do you recognise the user and trust the key?
-- snip --

Well, yes, I recognise that. But how can I know to trust it? I see the 
email address is at fedoraproject.org but I have no idea how to 
interpret the "Signature identifier" nor whether updates can be spoofed. 
I'm not being paranoid--I figure this may have something to do with the 
recent updates issue and it's probably fine. I'm just curious about 
this. What criteria should I use to decide whether or not to accept this?

Also, why in heck can't I select & copy text in this kind of message 
dialogue? Booooo!



