Bug 136461
Summary: | "unsigned package" problems | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Need Real Name <lsof> |
Component: | distribution | Assignee: | Jeremy Katz <katzj> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | 3 | CC: | feliciano.matias, katzj |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2004-10-25 22:21:17 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Need Real Name
2004-10-20 09:22:09 UTC
Not all rawhide packages are signed. Reassigning. "All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified." -- http://www.redhat.com/security/ No they're not. Does this mean the updates I installed are not valid? 1. fedora core is not a product, it is a project. 2. releases from rawhide are not official. > 1. fedora core is not a product, it is a project. There are "Fedora Project" and "Fedore Core". http://fedora.redhat.com/ * "The goal of The Fedora Project is to work with the Linux community to build a complete, general purpose operating system exclusively from free software." An operating system is also a "product". Here, you can buy the "product" not the projet : http://fedora.redhat.com/download/vendors.html The point here, is not to sign the projet but the "product" known as "Fedora Core". Here you can get the latest official snapshot of Rawhide (Rawhide is "produced" by the Fedora projet) : http://fedora.redhat.com/download/test.html > 2. releases from rawhide are not official. FC3T1 http://www.redhat.com/archives/fedora-announce-list/2004-July/msg00012.html FC3T2 http://www.redhat.com/archives/fedora-announce-list/2004-September/msg00024.html FC3T3 http://www.redhat.com/archives/fedora-announce-list/2004-October/msg00005.html A test release is a rawhide snapshot. All packages are signed. Iso come with a signed MD5SUM : $ gpg --verify MD5SUM gpg: Signature faite mer 06 oct 2004 18:58:49 CEST avec la clé DSA ID 4F2A6FD2 gpg: Bonne signature de "Fedora Project <fedora>" |