2008/2/25 Peter Kjellstrom <cap at nsc.liu.se>:
> We have to assume that the install the user has is intact and uncompromised.
> Why? Well, if it has been compromised in any way then not only could it
> contain a malicious /etc/pki, it could of course have different gpgkey= lines
> in the .repo files...

Or a modified yum or RPM that only appears to do verification.

I agree that we should at the very least suppose that the user verifies the installation media. As for DNS poisoning or hacking, that misery can potentially happen to everyone, and a good manner to guard against this is relying on the pre-installed key from media that was proven to be correct.

So, I think this should be the default behavior.

Take care,
Daniel