Anders Karlsson wrote:
* Travis Arnold <vestwearingpunk@xxxxxxxxx> [20080902 22:52]:
[drivel snipped]
Hey I am currently downloading the ISO dvd to install after I finish my
day's lessons, is this not a good idea to do?
The word from the Fedora folks on Aug 14th was - don't update until
further notice. Since then, they have - IIRC - said it's safe to do
so. The ISO's should be safe, as well as the packages that you can
update to from the servers.
New updates should start rolling once they have resigned everything.
Distributing that will be quite slow, since they need to (a) validate,
then (b) sign, then (c) distribute out-of-band to mirrors, and then
hardest of all find a secure way to provide the public part of the
signing key. Obviously you don't risk letting someone slip in a bogus
NEW fake key and go around on this again.
Suggestion: since the livna key is still secure (AFAIK) let them
distribute the new Fedora key and sign the RPM.
--
Bill Davidsen <davidsen@xxxxxxx>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines