On Wed, 22 Aug 2007 13:53:40 -0400
David Zeuthen <davidz(a)redhat.com> wrote:
Assume that Alice gets Fedora from Mallory's mirror. What
prevents
Mallory from patching the rpm and yum programs that end up on Alice's
system to avoid honoring the keys that we, painfully, make her import?
I honestly don't have an answer for this. They could. Should we then
just throw out any and all verification utilities? That would make
life easier.
--
Jesse Keating
Fedora -- All my bits are free, are yours?