Bug 485606

Summary: Do I trust Fedora? 8)
Product: [Fedora] Fedora Reporter: Michael <mclroy>
Component: gnome-packagekitAssignee: Richard Hughes <richard>
Status: CLOSED CANTFIX QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: urgent Docs Contact:
Priority: low    
Version: 10CC: richard, robin.norwood
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2009-04-15 16:41:11 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Michael 2009-02-15 08:19:41 UTC 
Description of problem:
Right after the installation of Fedora it updates itself and immediately asks:
"Checking signatures":
"Do you trust the source of the packages?"
Repository name: updates
Signature URL: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-i386
I think it means that I have to agree that I trust the freshly installed key.
Do I?
Shall I?
The mind blowing question.

Version-Release number of selected component (if applicable):
gnome-packagekit-0.3.14-1.fc10.i386  (after some time)

How reproducible:
"Update system": "Checking signatures": "Do you trust the source of the packages?"
Repository name: updates
Signature URL: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-i386

Steps to Reproduce:
1. boot from DVD
2. install Fedora and reboot, wait a little
3. update Fedora

Expected results:
gnome-packagekit shall import the system key during installation.
Comment 1 Richard Hughes 2009-04-15 16:41:11 UTC 
It does if you use the live cd. I know it's crazy, but the anaconda guys are hard to convince.