Description of problem: The install guide specifies to download the kernel/initrd for PXE boots over an unencrypted connection and skips any form of verification. Version-Release number of selected component (if applicable): N/A How reproducible: 100% Steps to Reproduce: 1. Follow instructions: https://docs.fedoraproject.org/en-US/Fedora/21/html/Installation_Guide/pxe-kernel.html (note the wget URLs) Actual results: If just a single network between my machine being booted and the Red Hat download server is malicious, then my machine could get 0wned :( (and I would probably be none the wiser) Expected results: To be able to securely install an operating system in 2015 on my new hard drive in a single evening without crying in despair. And to not have a deep dark fear that the instructions on the previous page are also horribly insecure: https://docs.fedoraproject.org/en-US/Fedora/21/html/Installation_Guide/pxe-bootloader.html (I really hope those stage2 and root lines verify the image that is downloaded)
The install guide has been retired, therefore I'm closing this bug. If you would like to report Fedora docs bugs in the future, please use the "bug" icon on the top right of the affected page, it will take you directly to the appropriate issue tracker.