Jonathan Ryshpan <jonrysh <at> pacbell.net> writes: > I recently accepted an update of the Livna repository info from > livna-release-9-1.noarch to livna-release-9-2.noarch . This caused the > availability of a large number of updates from the RPMFusion repo. > > Should I trust these updates? The GPG signature for the RPMFusion repo > is not right now installed. When I updated my F8 system a short time ago I had an update to rpm-fusion also. When I checked the /etc/pki/rpm-gpg directory I now have new gpg key files for free and non-free repos from rpmfusion. I presume that when new versions of the packages I already have are available that it will ask if I wish to install the gpg keys. Doing: less /etc/yum.repos.d/rpmfusion-free-updates.repo shows that gpgcheck is enabled so if any future updates come in then it will check against the keys. Since the rpm that installed to put these new keys and repo files was itself subject to a gpg check then presumably all the new stuff is indeed "kosher"... I guess a local rpm-fusion expert will correct me if I am wrong! -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
