Totem Movie Player
Tim
ignored_mailbox at yahoo.com.au
Wed Jul 1 14:54:38 UTC 2009
On Wed, 2009-07-01 at 06:05 +0200, gilpel at altern.org wrote:
> I must admit I thought I was downloading from rpmfusion instead of
> rpmfind. I now find that I downloaded from:
>
> ftp://fr2.rpmfind.net/linux/rpmfusion/free/fedora/development/x86_64/os/libquicktime-1.1.1-2.fc11.x86_64.rpm
>
> rpmfusion is in the path only as a directory. Is rpmfind considered a
> safe source for downloads? Of course, the packages didn't install as
> they were already downloaded, but I'm afraid I did accept their key.
> Is it preferable to remove it?
Who's key was "theirs"? One from rpmfusion or rpmfind?
Yum (and packagekit using yum) use a mirror list to get your files from
a random repo mirror on their list. We'd generally trust that whoever
compiled the list only included trustworthy mirrors, and I've not heard
comments to suggest otherwise. The only problems I've read about have
been about mirrors which are slow to download from, or slow for updates
to appear on.
Each of the repos has, or should have, a public key for verification
before you use their repo.
--
[tim at localhost ~]$ uname -r
2.6.27.25-78.2.56.fc9.i686
Don't send private replies to my address, the mailbox is ignored. I
read messages from the public lists.
More information about the fedora-list
mailing list