Bug 55038 - Anaconda should check package signatures
Anaconda should check package signatures
Product: Red Hat Raw Hide
Classification: Retired
Component: anaconda (Show other bugs)
All Linux
high Severity medium
: ---
: ---
Assigned To: Jeremy Katz
Brock Organ
: FutureFeature
Depends On:
  Show dependency treegraph
Reported: 2001-10-24 14:16 EDT by Elliot Lee
Modified: 2007-03-26 23:49 EDT (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2002-02-22 18:44:49 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Elliot Lee 2001-10-24 14:16:34 EDT
Anaconda should check the signatures on the packages it installs.
Comment 1 Jeremy Katz 2001-10-24 15:10:24 EDT
Hey, this is a dupe of bug 18705 which was closed wontfix! :)
Comment 2 Brent Fox 2001-10-27 10:28:29 EDT
msf, what do you think about this?  Should we do this, and if so, only for the
download version or for the retail version as well?
Comment 3 Jeremy Katz 2002-02-22 18:44:44 EST
Where are we supposed to get the gpg key from in a reliable way?  I guess we
could stuff it into the stage2, but that would be extremely inconvenient for any
of the many people who modify install trees at all..  and we're trying to make
their lives easier, not harder.

Checking the md5sum of the package is easy enough I guess...
Comment 4 Jeremy Katz 2002-02-26 19:23:54 EST
Checking the md5sum gives us little to no gain and there's no good way to really
get the key.  See anaconda-list for more details.

Note You need to log in before you can comment on or make changes to this bug.