On Wed, 2009-07-01 at 06:05 +0200, gilpel@xxxxxxxxxx wrote: > I must admit I thought I was downloading from rpmfusion instead of > rpmfind. I now find that I downloaded from: > > ftp://fr2.rpmfind.net/linux/rpmfusion/free/fedora/development/x86_64/os/libquicktime-1.1.1-2.fc11.x86_64.rpm > > rpmfusion is in the path only as a directory. Is rpmfind considered a > safe source for downloads? Of course, the packages didn't install as > they were already downloaded, but I'm afraid I did accept their key. > Is it preferable to remove it? Who's key was "theirs"? One from rpmfusion or rpmfind? Yum (and packagekit using yum) use a mirror list to get your files from a random repo mirror on their list. We'd generally trust that whoever compiled the list only included trustworthy mirrors, and I've not heard comments to suggest otherwise. The only problems I've read about have been about mirrors which are slow to download from, or slow for updates to appear on. Each of the repos has, or should have, a public key for verification before you use their repo. -- [tim@localhost ~]$ uname -r 2.6.27.25-78.2.56.fc9.i686 Don't send private replies to my address, the mailbox is ignored. I read messages from the public lists. -- fedora-list mailing list fedora-list@xxxxxxxxxx To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
