Red Hat Bugzilla – Bug 138619
Clean install didn't RPM install default Fedora gpg key (RPM-GPG-KEY)
Last modified: 2007-11-30 17:10:54 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2)
Description of problem:
With yum now defaulting to gpg checking (which is good) I would expect
the default Fedora key (the one called RPM-GPG-KEY on the CD) to be
installed at installation time.
Version-Release number of selected component (if applicable):
anaconda-10.1.0.2-10? (not installed)
Steps to Reproduce:
1. After a fresh install do rpm -qa | grep gpg-pubkey
Actual Results: Nothing is returned.
Expected Results: To see at least gpg-pubkey-4f2a6fd2-3f9d9d3b
The problem is that although trusting the media if you're doing a CD
install might be reasonable, it's definitely not reasonable to trust
it if you're installing from a remote network source. And anything
along these lines needs to be done the same for all installation types.
Hmm I see what you are saying but it feels rather circular. If you
can't trust the medium that you initially installed from then you are
already dead in the water, since the RPMs comming down the network
card could already have been replaced with trojans... Surely starting
the trust during the install is the best you could ever hope for?
*** Bug 142793 has been marked as a duplicate of this bug. ***