219502 – Ask the user if they want to import the gpg key, rather than just doing it

Bug 219502 - Ask the user if they want to import the gpg key, rather than just doing it

Summary: Ask the user if they want to import the gpg key, rather than just doing it

Keywords:
Status:	CLOSED WONTFIX
Alias:	None
Product:	Red Hat Satellite 5
Classification:	Red Hat
Component:	Installer
Sub Component:
Version:	500
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Mike McCune
QA Contact:	Corey Welton
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	173427
TreeView+	depends on / blocked

Reported:	2006-12-13 16:21 UTC by James Bowes
Modified:	2013-01-10 09:51 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-04-04 18:26:34 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Description James Bowes 2006-12-13 16:21:13 UTC

The satellite installer just blindly rpm --imports what it assumes will be the
Red Hat gpg key. Someone could get sneaky and replace it with something else,
compromising the system. Instead, we should ask the user if it's ok, saying
where the gpg key is, and what the key id is, etc.

Our wonderful Co-op says:
 <@kganong> jbowes, bretm-laptop: Its located in install_main.pl, sub 
                 setup_gpg
 <@kganong> jbowes: also located in satInstall.py, def addGPGKey,   but I 
                 don't know if that is active code.

Note You need to log in before you can comment on or make changes to this bug.