[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Should Fedora rpms be signed?



Matias Féliciano said:
> Le mardi 26 octobre 2004 à 08:25 -0400, William Hooper a écrit :
>
>> nodata said:
>>> A recent scam involving fake updates to Fedora has highlighted the
>>> lack of signed RPMs for Fedora Core.
>>
>> How?  Would it make you feel better if the fake updates had installed a
>>  signature first?
>
> Impossible. gpg check is done _before_ installing the package.

Very possible. The fake updates weren't directly an RPM, the instructions
had you run a shell script.

-- 
William Hooper


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]