Bug 18705 - RFE: Allow checking RPM signatures before doing install
RFE: Allow checking RPM signatures before doing install
Status: CLOSED WONTFIX
Product: Red Hat Linux
Classification: Retired
Component: anaconda (Show other bugs)
7.0
i386 Linux
low Severity medium
: ---
: ---
Assigned To: Matt Wilson
Brock Organ
Message-ID: <20001009075049.A14422@bp...
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2000-10-09 07:51 EDT by James Manning
Modified: 2007-03-26 23:36 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2001-09-17 14:53:00 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description James Manning 2000-10-09 07:51:31 EDT
we should allow the expert install path to load a RH sig from floppy and
checksig the package list to be installed before actually installing them
(or at install time, as this may be more reasonable for ftp installs since
we need to check the file after it's been copied locally.  Yes, this places
the burden upon the installing person to get a good sig on a floppy, but
for the security paranoid among us, that's the easy part :)  The best
benefit is that we only need a real RH sig, and then we can "safely"
install from any mirror of the RH distro (making sure to check the
integrity of the second-stage loader as well, perhaps?)  Of course, then
beta testers simply need a "beta" and a "real" RH key floppy around (and
only if they're paranoid enough to have the installer check).

ok, yes, a little buzz-wordy, but one more checkmark on the positive side
of RH Linux when useless threads on slashdot get started.
Comment 1 Jeremy Katz 2000-12-15 01:27:53 EST
Note that if this is done, you probably want to make it so that an arbitrary
number of keys can be checked against for sites which do site-specific package
changes

Note You need to log in before you can comment on or make changes to this bug.