When I install Fedora from a netinstall image:
Given that I initially
- check the SHA256 checksum of the Fedora-Server-netinst-x86_64-23.iso
file
- check the GPG signature of the file which contained the checksum
(the Fedora-Server-23-x86_64-CHECKSUM file)
Then:
How is the authenticity of the rest of the installation sources ensured?
I mean: During the installation, the installer in the netinstall image
will pull a number of packages from somewhere on the web; how does it
insure that the packages pulled are really the unaltered Fedora packages?
--
Regards,
Troels Arvin
Show replies by date