Learn more about these different git repos.
Other Git URLs
Description of problem: Currently the only way to verify the contents of .treeinfo or the installer images is to download the .iso and the regarding -CHECKSUM file and check it. But e.g. preupgrade does not download the .iso but the *.img files, the kernel and the .treeinfo directly from a mirror. Therefore it is also not possible to easily verify these files. I guess the preupgrade way of updating is somehow popular, therefore it should be possible to do this securely.
I filed a bug against preupgrade for not verifying anything and not announcing this here: bug 509338
this was fixed in f20
Metadata Update from @jkeating: - Issue tagged with: meeting
Log in to comment on this ticket.