[CentOS] automatic import of rpm keys
Markus Falb
wnefal at gmail.com
Fri Jun 14 11:14:50 UTC 2013
On 13.Jun.2013, at 13:14, James Hogarth wrote:
>> I am wondering why this import is not happening automatically at install
>> time. There must be good reasons for that?
>>
>>
> Anaconda doesn't actually carry out gpg checks... I think it had that added
> during the fedora 18/19 rewrite so EL7 might cover that but certain EL5 and
> EL6 won't have that …
It makes sense then. Since anaconda does not check the signature of the centos-release rpm it can not ensure that the contained public key is not faked and leaves this exercise to the user.
I think I am getting a little confused about these trust things.
How am *I* supposed to verify the validity of those public keys.
--
Markus
More information about the CentOS
mailing list