Re: Secrecy and user trust

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Mike McCarty wrote:
jdow wrote:


If this can be done once in an initial install situation it can be done
again in an update situation using the same mechanism.

One way is to download the stuff from Red Hat's site itself,
and trust that no one has managed to intercept your communications.

Actually you don't need "the stuff" other than the new key, do you? And the sha1sum (or even sha256sum) of the key and the ISO install image. Once you have that you can trust the mirrors, because even if someone can corrupt a mirror it will be detected. And a list of checksums for all packages released against FC[89] so I can check my archived RPMs against it.

That should restore the level of trust present for any previous Fedora release.

--
Bill Davidsen <davidsen@xxxxxxx>
  "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot

--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux