[prev in list] [next in list] [prev in thread] [next in thread]
List: fedora-list
Subject: Re: Security of netinstall?
From: Matthew Miller <mattdm () fedoraproject ! org>
Date: 2016-03-24 22:23:36
Message-ID: 20160324222336.GA29465 () mattdm ! org
[Download RAW message or body]
On Wed, Mar 23, 2016 at 08:43:36PM +0000, Troels Arvin wrote:
> When I install Fedora from a netinstall image:
> Given that I initially
> - check the SHA256 checksum of the Fedora-Server-netinst-x86_64-23.iso
> file
> - check the GPG signature of the file which contained the checksum
> (the Fedora-Server-23-x86_64-CHECKSUM file)
> Then:
> How is the authenticity of the rest of the installation sources ensured?
> I mean: During the installation, the installer in the netinstall image
> will pull a number of packages from somewhere on the web; how does it
> insure that the packages pulled are really the unaltered Fedora packages?
Check this out for some reassurance:
https://bugzilla.redhat.com/show_bug.cgi?id=998#c54
--
Matthew Miller
<mattdm@fedoraproject.org>
Fedora Project Leader
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
Have a question? Ask away: http://ask.fedoraproject.org
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic