[CentOS] automatic import of rpm keys
Karanbir Singh
mail-lists at karan.org
Fri Jun 14 11:32:48 UTC 2013
On 06/13/2013 11:18 AM, Markus Falb wrote:
> I am wondering why this import is not happening automatically at install time. There must be good reasons for that?
it boils down to how much trust you have in the install media.
One school of thought is compromised media is going to be game over in
many ways, other than just keys. While others consider keys to be
yet-another barrier.
Keys are also published at the CentOS Mirrors, and the installer iso
sum's published in the release notes. Both of these resources should be
spread enough that using multiple sources, should help increase
confidence levels.
- KB
--
Karanbir Singh
+44-207-0999389 | http://www.karan.org/ | twitter.com/kbsingh
GnuPG Key : http://www.karan.org/publickey.asc
More information about the CentOS
mailing list