Should Fedora rpms be signed?
William Hooper
whooperhsd3 at earthlink.net
Thu Oct 28 12:29:05 UTC 2004
Matias Féliciano said:
> On Tuesday, 26 October 2004 at 08:25 -0400, William Hooper wrote:
>
>> nodata said:
>>> A recent scam involving fake updates to Fedora has highlighted the
>>> lack of signed RPMs for Fedora Core.
>>
>> How? Would it make you feel better if the fake updates had installed a
>> signature first?
>
> Impossible. gpg check is done _before_ installing the package.
Very possible. The fake updates weren't directly an RPM, the instructions
had you run a shell script.
--
William Hooper
More information about the fedora-test-list
mailing list