Description of problem:
the fedora keys to verify packages should be part of the installation iso-image
to prevent spoofing
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. install fedora
2. run up2date-gui
3. up2date wants to download a key
A workaround is to use up2date-config, unclick on "Use GPG to verify package
integrity" under Retrieval / Installation and save.
Does up2date download it or grab it from /usr/share/rhn/...?
good point! it justs asks if I want to install the key, but does not say from
where... so it might be from /usr/share/rhn
It imports from /usr/share/rhn which is not a bug and doesnt have a chance of