[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: web site updates



Hi Todd,

> Somewhere between Step 1. Install yum and Step 2. Update the packages,
> there should be instructions to either add the Fedora Legacy and Red
> Hat RPM GPG keys to root's keyring or to disable the gpgcheck option
> in yum.conf.

If all packages are signed, I wouldn't suggest turning off a security
feature. Importing the GPG key would be a much better option. Thanks for
that hint!

Eric, what's your opinion - from my point of view the docs suggestion
that Todd has written is already fine and can be published 1:1.

> Of these keys, only the Red Hat site has the key fingerprints included
> on the website.  I think that Fedora Legacy should add this info to
> the page cited above.

+1

> I'm also curious about the Fedora.us key.  It's included in the yum
> rpm, but AFAIK, none of the packages distributed by Fedora Legacy are
> signed by the Fedora.us key.  Is it worth it to even distribute that
> key?

I don't think so. The fedora.us key is only used to sign add-on packages
for 8.0/9/FC1, afaik. As fedora.us has never released any add-on
packages for 7.x, including the key here doesn't make sense.

Jonas

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]