I just did a FC6/x86_64 clean install. I then tried "yum update" as
root and it also wanted to load new keys.
# yum update
...
Total download size: 20 M
Is this ok [y/N]: y
Downloading Packages:
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID 4f2a6fd2
Importing GPG key 0x4F2A6FD2 "Fedora Project <fedora@xxxxxxxxxx>"
Is this ok [y/N]: n
Needless to say this rang warning bells. Why would a fresh install
need to install some previously unknown keys? If they keys are legit,
shouldn't they have been loaded at the factory (so to speak)???
The worst aspect of this is that it trains users to blindly press "y"
when presented with questions that have strong security implications.
How is the average user supposed to even know if that request is legit
or not?
-wolfgang
--
Wolfgang S. Rupprecht http://www.wsrcc.com/wolfgang/
