On Wed, 2009-07-01 at 06:05 +0200, gil...@altern.org wrote:
> I must admit I thought I was downloading from rpmfusion instead of
> rpmfind. I now find that I downloaded from:
> ftp://fr2.rpmfind.net/linux/rpmfusion/free/fedora/development/x86_64/os/libquicktime-1.1.1-2.fc11.x86_64.rpm
> rpmfusion is in the path only as a directory. Is rpmfind considered a
> safe source for downloads? Of course, the packages didn't install as
> they were already downloaded, but I'm afraid I did accept their key.
> Is it preferable to remove it?

Who's key was "theirs"?  One from rpmfusion or rpmfind?

Yum (and packagekit using yum) use a mirror list to get your files from
a random repo mirror on their list.  We'd generally trust that whoever
compiled the list only included trustworthy mirrors, and I've not heard
comments to suggest otherwise.  The only problems I've read about have
been about mirrors which are slow to download from, or slow for updates
to appear on.

Each of the repos has, or should have, a public key for verification
before you use their repo.

[...@localhost ~]$ uname -r

Don't send private replies to my address, the mailbox is ignored.  I
read messages from the public lists.

fedora-list mailing list
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

Reply via email to