Bug 117647 - Sign the installer binaries?
Sign the installer binaries?
Product: Fedora
Classification: Fedora
Component: distribution (Show other bugs)
All Linux
low Severity medium
: ---
: ---
Assigned To: Bill Nottingham
Bill Nottingham
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2004-03-05 23:07 EST by Chris Adams
Modified: 2014-03-16 22:43 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2005-09-30 16:40:46 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Chris Adams 2004-03-05 23:07:25 EST
All the distribution RPMs are signed, so they can be verified.  The
MD5SUMs file is signed and can be verified (so CD images can be
checked for "authenticity"), but remastering into a DVD is becoming
more common.  Unless there is an "official" FC DVD image (and as a
mirror, I'm not looking forward to that from a disk space
perspective), it would be nice if Red Hat/the Fedora Project would
come up with a way of signing the non-RPM binaries used in
installation (or signing an MD5SUM type file, maybe with a
verification script provided).

I think the important files are everything under the Fedora/base and
the kernel and initrd files under the images directory.

Just kind of "thinking out loud" as I was burning my own DVD of FC2t1;
I know people that'd like a copy of FC2 release on DVD, but how can
they verify that I didn't tamper with it?  I could mess with the
installer so that it didn't install exactly the RPMs on the disk. 
Maybe I'm just paranoid. :-)
Comment 1 Barry K. Nathan 2004-07-17 00:25:09 EDT
Well, there are official FC DVD ISO images now, for what that's worth...
Comment 2 Bill Nottingham 2005-09-30 16:40:46 EDT
Closing bugs on older, no longer supported, releases. Apologies for any lack of

With official DVD releases and signed MD5SUMS of those, further changes aren't

Note You need to log in before you can comment on or make changes to this bug.