On 4 May 2013, at 02:03, Chris Adams wrote:

Creating a complete chain of trust is hard.


Sure, creating a complete chain of trust is hard, but the closest thing we have to it today is downloading an iso and verifying its checksum -- and trusting that (a) the release team verified the keys on the iso image, and (b) the checksum file hasn't been tampered with.

The keys on that iso are the ones that yum will use to check package signatures on updates. Why they are not used to check the signatures on packages anaconda installs is beyond me. It might be imperfect security, but it seems much more reasonable than abandoning signature checking altogether on a netinstall.


The repo works fine for yum after installation.

Is it a mirror of the "Fedora" or "Everything" directory?  I haven't
checked in a bit, but at one point there was some difference between the
two related to the comps file (which defines the groups displayed in
anaconda).  yum would work fine without the comps file (except for
groupinstall and such).


We have internal mirrors of Fedora, Everything and Updates. I tried to use "Fedora" but will experiment with both it and "Everything" today.


Have you tried doing a netinstall from a specific mirror that you
specified in the source spoke of anaconda rather than using the pre-
configured repo?  Did it work?

Yes.  I operate a mirror server, and then I also have a couple of
private mirrors hanging off of it I use for my stuff (one at the office
and one at home).


The problem I'm going to have in testing the F19 TC is that, for bandwidth reasons, our internal repo only mirrors the current version and arch that we use -- F18 on x86_64 at the moment. So I'll just have to pick a handful of external mirrors and try them.

--
Mike




--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
