From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040804 Galeon/1.3.17 Description of problem: With yum now defaulting to gpg checking (which is good) I would expect the default Fedora key (the one called RPM-GPG-KEY on the CD) to be installed at installation time. Version-Release number of selected component (if applicable): anaconda-10.1.0.2-10? (not installed) How reproducible: Always Steps to Reproduce: 1. After a fresh install do rpm -qa | grep gpg-pubkey Actual Results: Nothing is returned. Expected Results: To see at least gpg-pubkey-4f2a6fd2-3f9d9d3b Additional info:
The problem is that although trusting the media if you're doing a CD install might be reasonable, it's definitely not reasonable to trust it if you're installing from a remote network source. And anything along these lines needs to be done the same for all installation types.
Hmm I see what you are saying but it feels rather circular. If you can't trust the medium that you initially installed from then you are already dead in the water, since the RPMs comming down the network card could already have been replaced with trojans... Surely starting the trust during the install is the best you could ever hope for?
*** Bug 142793 has been marked as a duplicate of this bug. ***