[Server-devel] rpm installation via customization stick

Sridhar Dhanapalan sridhar at laptop.org.au
Tue May 10 10:01:42 EDT 2011


On 10 May 2011 23:09, Reuben K. Caron <reuben at laptop.org> wrote:
>
> On May 10, 2011, at 6:14 AM, Sridhar Dhanapalan wrote:
>
> Can we make it so that it only installs signed RPMs? Would that help?
>
> I signed manifest which includes a list of files would probably be more
> feasible as you wouldn't have to alter the RPMs.

Good point.

However, I was thinking along more simplistic lines. We could have
have it so that one can only install RPMs signed with a signature[0]
that is present in the RPM database. This would allow users to add
their own RPMs, but prevent 'unofficial' ones from being installed.

Sridhar

[0] https://fedoraproject.org/keys


More information about the Server-devel mailing list