Matias Féliciano said:
Le mardi 26 octobre 2004 à 08:25 -0400, William Hooper a écrit :
nodata said:
A recent scam involving fake updates to Fedora has highlighted the lack of signed RPMs for Fedora Core.
How? Would it make you feel better if the fake updates had installed a signature first?
Impossible. gpg check is done _before_ installing the package.
Very possible. The fake updates weren't directly an RPM, the instructions had you run a shell script.