Learn more about these different git repos.
Other Git URLs
Description of problem:
Currently the only way to verify the contents of .treeinfo or the installer
images is to download the .iso and the regarding -CHECKSUM file and check it.
But e.g. preupgrade does not download the .iso but the *.img files, the kernel
and the .treeinfo directly from a mirror. Therefore it is also not possible to
easily verify these files. I guess the preupgrade way of updating is somehow
popular, therefore it should be possible to do this securely.
I filed a bug against preupgrade for not verifying anything and not announcing
this here: bug 509338
this was fixed in f20
Metadata Update from @jkeating:
- Issue tagged with: meeting
to comment on this ticket.