Bug 55038

Summary: Anaconda should check package signatures
Product: [Retired] Red Hat Raw Hide
Reporter: Elliot Lee <sopwith>
Component: anaconda
Assignee: Jeremy Katz <katzj>
Status: CLOSED WONTFIX
QA Contact: Brock Organ <borgan>
Severity: medium
Priority: high
Version: 1.0
CC: msf
Keywords: FutureFeature
Hardware: All
OS: Linux
Doc Type: Enhancement
Last Closed: 2002-02-22 23:44:49 UTC

Description Elliot Lee 2001-10-24 18:16:34 UTC
Anaconda should check the signatures on the packages it installs.

Comment 1 Jeremy Katz 2001-10-24 19:10:24 UTC
Hey, this is a dupe of bug 18705 which was closed wontfix! :)

Comment 2 Brent Fox 2001-10-27 14:28:29 UTC
msf, what do you think about this?  Should we do this, and if so, only for the
download version or for the retail version as well?

Comment 3 Jeremy Katz 2002-02-22 23:44:44 UTC
Where are we supposed to get the gpg key from in a reliable way?  I guess we
could stuff it into the stage2, but that would be extremely inconvenient for any
of the many people who modify install trees at all..  and we're trying to make
their lives easier, not harder.

Checking the md5sum of the package is easy enough I guess...

Comment 4 Jeremy Katz 2002-02-27 00:23:54 UTC
Checking the md5sum gives us little to no gain and there's no good way to really
get the key.  See anaconda-list for more details.
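
The trade-off raised in comments 3 and 4, as an added example that is not part of the bug report or Anaconda's code: a digest stored in the install tree can be regenerated by anyone who edits the tree, while a signature only helps if the installer holds a public key obtained outside the tree. Python's standard library has no public-key signatures, so a Lamport one-time signature built from SHA-256 stands in for the GPG signature here; every name and payload below is constructed for illustration.

```python
import hashlib
import secrets

def md5_ok(pkg: bytes, manifest_md5: str) -> bool:
    """Integrity-only check: the digest travels in the same tree as the package."""
    return hashlib.md5(pkg).hexdigest() == manifest_md5

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def _bits(msg: bytes):
    """256 message-digest bits, most significant bit first."""
    d = _h(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def keygen():
    """Lamport one-time key pair (assumed stand-in for the distributor's GPG key)."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pk = [(_h(a), _h(b)) for a, b in sk]
    return sk, pk

def sign(sk, pkg: bytes):
    """Reveal one secret per digest bit; only the private-key holder can do this."""
    return [sk[i][bit] for i, bit in enumerate(_bits(pkg))]

def sig_ok(pk, pkg: bytes, sig) -> bool:
    """Authenticity check: pk must reach the installer from outside the tree."""
    return len(sig) == 256 and all(
        _h(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(pkg))))

def demo():
    sk, pk = keygen()  # pk is what the installer would have to carry (e.g. in stage2)
    original = b"constructed package payload v1"
    tree = {"pkg": original,
            "md5": hashlib.md5(original).hexdigest(),
            "sig": sign(sk, original)}
    # Someone without the private key edits the tree and regenerates what they can.
    modified = b"constructed package payload v1 + local change"
    tree["pkg"] = modified
    tree["md5"] = hashlib.md5(modified).hexdigest()
    return {
        "md5_accepts_modified": md5_ok(tree["pkg"], tree["md5"]),
        "sig_accepts_modified": sig_ok(pk, tree["pkg"], tree["sig"]),
        "sig_accepts_original": sig_ok(pk, original, tree["sig"]),
    }

if __name__ == "__main__":
    print(demo())
```

The same result shows both sides of the thread: the md5 check passes for any edited tree, and the signature check rejects every edit, including those made by people who legitimately rebuild install trees without the private key.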