On Wed, 2007-08-22 at 13:53 -0400, Jesse Keating wrote:
On Wed, 22 Aug 2007 13:44:31 -0400 Christopher Aillon caillon@redhat.com wrote:
Why isn't Fedora's key imported by default?
For the reason I listed above, we don't control the distribution of Fedora. We hand it out to mirrors and encourage people download it from !us. We can import the RHEL key by default because we control the distribution mechanism. You can only get RHEL through us.
Assume that Alice gets Fedora from Mallory's mirror. What prevents Mallory from patching the rpm and yum programs that end up on Alice's system to avoid honoring the keys that we, painfully, make her import?
David