[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: PackageKit Misconceptions

From: "Kristian Høgsberg" <krh bitplanet net>
To: "Discussions about development for the Fedora desktop" <fedora-desktop-list redhat com>
Subject: Re: PackageKit Misconceptions
Date: Wed, 22 Aug 2007 14:15:30 -0400

On 8/22/07, Jesse Keating <jkeating redhat com> wrote:
> On Wed, 22 Aug 2007 13:53:40 -0400
> David Zeuthen <davidz redhat com> wrote:
>
> > Assume that Alice gets Fedora from Mallory's mirror. What prevents
> > Mallory from patching the rpm and yum programs that end up on Alice's
> > system to avoid honoring the keys that we, painfully, make her import?
>
> I honestly don't have an answer for this.  They could.  Should we then
> just throw out any and all verification utilities?  That would make
> life easier.

No, that's not the point.  The MD5 checksum we have in place now are
useful and should be kept.  The point is that with those measures in
place, why don't we just ship the Fedora GPG by default?

Kristian

Follow-Ups:
- Re: PackageKit Misconceptions
  - From: Jesse Keating

References:
- PackageKit Misconceptions
  - From: Richard Hughes
- Re: PackageKit Misconceptions
  - From: Jesse Keating
- Re: PackageKit Misconceptions
  - From: Christopher Aillon
- Re: PackageKit Misconceptions
  - From: Jesse Keating
- Re: PackageKit Misconceptions
  - From: David Zeuthen
- Re: PackageKit Misconceptions
  - From: Jesse Keating

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]