LWN.net Logo

Not logged in

Log in now

Create an account

Subscribe to LWN

Recent Features

LWN.net Weekly Edition for July 2, 2009

RealtimeKit and the audio problem

VFAT patent avoidance and patent workarounds

LWN.net Weekly Edition for June 25, 2009

Apache attacked by a "slow loris"

Printable page
Weekly edition Kernel Security Distributions Search
Archives Calendar Subscribe Write for LWN LWN.net FAQ

Fedora distributes new keys

Fedora distributes new keys

Posted Sep 11, 2008 16:34 UTC (Thu) by jake (editor, #205)
In reply to: Fedora distributes new keys by skvidal
Parent article: Fedora distributes new keys

> If you run yum with the -y it will import the key automatically.

Fine, but that still doesn't verify that the key it is trying to import is the key you are wanting to import. In order to verify that (i.e. check the key signature), the manual step is required.

Since package signing keys were part of whatever the "infrastructure issues" were, it would seem prudent to verify them before importing them.

jake

(Log in to post comments)

Fedora distributes new keys

Posted Sep 11, 2008 16:39 UTC (Thu) by skvidal (subscriber, #3094) [Link]

Agreed. It is a great idea. I suggest verifying keys to everyone. I just wanted to be clear that it wasn't REQUIRED in any code sense.

Copyright © 2009, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds