Do you trust the source of the package?
FedoraForum.org - Fedora Support Forums and Community
Results 1 to 3 of 3
  1. #1
    Join Date
    Jan 2011
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Do you trust the source of the package?

    I've just installed fedora 15 (netinstall). It seemed to go OK. I then added the rpm fusion and rpm livna repositories. When I attempted to apply the gstreamer ugly plugins it pulled in other packages. The following message was displayed.
    "
    software signature is required
    Do you trust the source of the packages?
    Repository name: fedora
    Signature URL: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64
    Signature user identifier: Fedora (15) <fedora@fedoraproject.org>
    Signature identifier: 069C8460
    Package: libid3tag-0.15.1b-11.fc15.x86_64

    Do you recognise and trust this user key"

    I'm not very familiar with Fedora and Linux but should Fedora be questioning the keys of software packages in its own repositories?

    Do I have a problem?

    Thanks for any advice.

    Iroko

  2. #2
    leigh123linux Guest

    Re: Do you trust the source of the package?

    Quote Originally Posted by Iroko
    I've just installed fedora 15 (netinstall). It seemed to go OK. I then added the rpm fusion and rpm livna repositories. When I attempted to apply the gstreamer ugly plugins it pulled in other packages. The following message was displayed.
    "
    software signature is required
    Do you trust the source of the packages?
    Repository name: fedora
    Signature URL: /etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-x86_64
    Signature user identifier: Fedora (15) <fedora@fedoraproject.org>
    Signature identifier: 069C8460
    Package: libid3tag-0.15.1b-11.fc15.x86_64

    Do you recognise and trust this user key"

    I'm not very familiar with Fedora and Linux but should Fedora be questioning the keys of software packages in its own repositories?

    Do I have a problem?

    Thanks for any advice.

    Iroko

    Check it for yourself

    http://pgp.mit.edu:11371/pks/lookup?....org&op=vindex

    It's genuine.

  3. #3
    Join Date
    Jan 2011
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Thumbs up Re: Do you trust the source of the package?

    Thanks for your speedy reply.

    I knew the signature was genuine. I was just surprised to be asked as I assumed that the signatures would have been stored during the Fedora 15 install and that any checks (for fedora packages) would be done by the software. I can't remember ever being asked this question in Fedora 14.

    Iroko

Similar Threads

  1. how to use the source package disk to install the source package
    By whzwf in forum Installation, Upgrades and Live Media
    Replies: 3
    Last Post: 22nd February 2010, 01:26 AM
  2. FC5 kernel source package
    By eugen_r2 in forum Using Fedora
    Replies: 8
    Last Post: 26th April 2006, 06:42 PM
  3. need to chance package source...
    By z80 in forum Using Fedora
    Replies: 3
    Last Post: 12th January 2005, 04:21 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •