14 Jun
2013
14 Jun
'13
11:32 a.m.
On 06/13/2013 11:18 AM, Markus Falb wrote:
I am wondering why this import is not happening automatically at install time. There must be good reasons for that?
it boils down to how much trust you have in the install media. One school of thought is compromised media is going to be game over in many ways, other than just keys. While others consider keys to be yet-another barrier.
Keys are also published at the CentOS Mirrors, and the installer iso sum's published in the release notes. Both of these resources should be spread enough that using multiple sources, should help increase confidence levels.
- KB
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc