SRPM lists for spins LiveISOs
Ralf Ertzinger
fedora at camperquake.de
Mon Mar 10 17:29:50 UTC 2008
Hi.
On Mon, 10 Mar 2008 09:20:08 -0800, Jeff Spaleta wrote
> Any way you can have this tool also test the key signatures of
> packages in the iso?
> This came up in fab concerning hosting externally built isos as part
> of a tiered collection of spins. Is it possible for your tool, or a
> related tool that you can build this week, to verify that the livecd
> contents come from packages signed by the Fedora key (or a specific
> group of keys)?
What do you gain by doing that? Unless you turn every bit on the iso
around you can not be sure that the packages are not tampered with after
installation.
More information about the fedora-devel-list
mailing list