[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: rpm --import



On Fri, Jan 07, 2005 at 12:09:52PM +0100, Ralf Ertzinger wrote:
> Florin Andrei <florin andrei myip org> wrote:
> 
> > One thing that i noticed the newbies get confused with is the "rpm --
> > import (blah)GPG-KEY" trick that has to be done after installing a new
> > system.
> 
> I'm sure there is a good reason why the keys are not imported by the installer
> by default, would someone be so kind to tell me why?

Security.  It's generally a good idea to validate that the key you're
adding to the keyring is really the one that you think it is, and if this
keyring addition were done automatically, then someone could switch out the
keys, thus a malicious key would be automatically added to the keyring.
Things start to go downhill from that point.

- jkt

-- 
--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*--*
Jay Turner, QA Technical Lead      jkt redhat com             Red Hat, Inc. 

            If I had only known, I would have been a locksmith.
                                                   - Albert Einstein


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]