14 Jun
2013
14 Jun
'13
11:14 a.m.
On 13.Jun.2013, at 13:14, James Hogarth wrote:
I am wondering why this import is not happening automatically at install time. There must be good reasons for that?
Anaconda doesn't actually carry out gpg checks... I think it had that added during the fedora 18/19 rewrite so EL7 might cover that but certain EL5 and EL6 won't have that …
It makes sense then. Since anaconda does not check the signature of the centos-release rpm it can not ensure that the contained public key is not faked and leaves this exercise to the user.
I think I am getting a little confused about these trust things. How am *I* supposed to verify the validity of those public keys.
--
Markus