Bug 55038 - Anaconda should check package signatures
Summary: Anaconda should check package signatures
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: anaconda   
(Show other bugs)
Version: 1.0
Hardware: All Linux
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact: Brock Organ
Keywords: FutureFeature
Depends On:
TreeView+ depends on / blocked
Reported: 2001-10-24 18:16 UTC by Elliot Lee
Modified: 2007-03-27 03:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-02-22 23:44:49 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Elliot Lee 2001-10-24 18:16:34 UTC
Anaconda should check the signatures on the packages it installs.

Comment 1 Jeremy Katz 2001-10-24 19:10:24 UTC
Hey, this is a dupe of bug 18705 which was closed wontfix! :)

Comment 2 Brent Fox 2001-10-27 14:28:29 UTC
msf, what do you think about this?  Should we do this, and if so, only for the
download version or for the retail version as well?

Comment 3 Jeremy Katz 2002-02-22 23:44:44 UTC
Where are we supposed to get the gpg key from in a reliable way?  I guess we
could stuff it into the stage2, but that would be extremely inconvenient for any
of the many people who modify install trees at all..  and we're trying to make
their lives easier, not harder.

Checking the md5sum of the package is easy enough I guess...

Comment 4 Jeremy Katz 2002-02-27 00:23:54 UTC
Checking the md5sum gives us little to no gain and there's no good way to really
get the key.  See anaconda-list for more details.

Note You need to log in before you can comment on or make changes to this bug.