On Sun, 2015-12-20 at 12:44 -0800, Alice Wonder wrote: > RPM has ability to install a package over the network. > > rpm -i ftp://example.org/foo-2.2.noarch.rpm Thanks for the new knowledge. > The point I'm trying to make though is that yum could benefit from > the ability to verify the fingerprint in a key it is importing > matches a DNS query for the user and domain the key claims to be for. > > Regardless of how the package was retrieved, this could prevent > dishonest trojan keys from being imported, especially if DNSSEC > validated the DNS query. How widespread is the problem of unknowingly importing compromised software ? -- Regards, Paul. England, EU. England's place is in the European Union.