[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: PackageKit Misconceptions

From: "Jeff Spaleta" <jspaleta gmail com>
To: "Discussions about development for the Fedora desktop" <fedora-desktop-list redhat com>
Subject: Re: PackageKit Misconceptions
Date: Wed, 22 Aug 2007 13:13:38 -0800

On 8/22/07, David Zeuthen <davidz redhat com> wrote:
> Assume that Alice gets Fedora from Mallory's mirror. What prevents
> Mallory from patching the rpm and yum programs that end up on Alice's
> system to avoid honoring the keys that we, painfully, make her import?

would signing our mirror metadata help?
would importing the provided keys at install time help?
(We have to assume the install media is trusted)

-jef

References:
- PackageKit Misconceptions
  - From: Richard Hughes
- Re: PackageKit Misconceptions
  - From: Jesse Keating
- Re: PackageKit Misconceptions
  - From: Christopher Aillon
- Re: PackageKit Misconceptions
  - From: Jesse Keating
- Re: PackageKit Misconceptions
  - From: David Zeuthen

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]