Bug 55038 - Anaconda should check package signatures
Summary: Anaconda should check package signatures
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Raw Hide
Classification: Retired
Component: anaconda
Version: 1.0
Hardware: All
OS: Linux
high
medium
Target Milestone: ---
Assignee: Jeremy Katz
QA Contact: Brock Organ
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2001-10-24 18:16 UTC by Elliot Lee
Modified: 2007-03-27 03:49 UTC (History)
1 user (show)

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2002-02-22 23:44:49 UTC
Embargoed:

Attachments (Terms of Use)

Description Elliot Lee 2001-10-24 18:16:34 UTC 
Anaconda should check the signatures on the packages it installs.
Comment 1 Jeremy Katz 2001-10-24 19:10:24 UTC 
Hey, this is a dupe of bug 18705 which was closed wontfix! :)
Comment 2 Brent Fox 2001-10-27 14:28:29 UTC 
msf, what do you think about this?  Should we do this, and if so, only for the
download version or for the retail version as well?
Comment 3 Jeremy Katz 2002-02-22 23:44:44 UTC 
Where are we supposed to get the gpg key from in a reliable way?  I guess we
could stuff it into the stage2, but that would be extremely inconvenient for any
of the many people who modify install trees at all..  and we're trying to make
their lives easier, not harder.

Checking the md5sum of the package is easy enough I guess...
Comment 4 Jeremy Katz 2002-02-27 00:23:54 UTC 
Checking the md5sum gives us little to no gain and there's no good way to really
get the key.  See anaconda-list for more details.
Note You need to log in before you can comment on or make changes to this bug.