On 2018-05-26 02:55, haaber wrote:
> I just installed f27 in its full and minimal template on Q4.0 from
> the repos. When installing extra packages (for example sys-net
> tools) in f27-minimal the download works, BUT checksums fail. The
> point is that fucking dnf ignorantly installs the packages anyhow
> without putting any questions. Result: such a template is
> compromised right from the beginning, I will have to delete it
> without ever running it.
>
> The warning to all users is to NEVER run unattended (say, scripted)
> updates on fedora based templates since apparently they give a shit
> on security.
>
> For me this drastically increases the motivation to compile a
> debian-minimal and kick out all fedoras (with the sad exception of
> dom0). Bernard
>
Checksums are only for integrity, not authenticity. For security, PGP signature checking is what matters.

--
Andrew David Wong (Axon)
Community Manager, Qubes OS
https://www.qubes-os.org
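
Added example, not part of the original thread: since the reply says PGP signature checking is what matters, this sketch lists the enabled dnf repositories for which that check is switched off. It assumes the `gpgcheck` and `enabled` options described in dnf.conf(5); the function name and the sample configuration are constructed for illustration.

```python
import configparser

# Constructed sample input, not taken from any real system.
SAMPLE_DNF_CONF = """\
[main]
gpgcheck=1
installonly_limit=3
"""

SAMPLE_REPOS = """\
[fedora]
name=Fedora $releasever - $basearch
enabled=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora-$releasever-$basearch

[thirdparty]
name=Example third-party repo
enabled=1
gpgcheck=0

[testing]
name=Disabled repo
enabled=0
gpgcheck=0
"""

def unsigned_repos(dnf_conf_text, repo_text):
    """Return ids of enabled repos whose packages install without a signature check."""
    main = configparser.ConfigParser(interpolation=None)
    main.read_string(dnf_conf_text)
    # Assumption: dnf's documented default (gpgcheck off) applies when [main] is silent.
    default = main.getboolean("main", "gpgcheck", fallback=False)

    repos = configparser.ConfigParser(interpolation=None)
    repos.read_string(repo_text)
    flagged = []
    for repo_id in repos.sections():
        section = repos[repo_id]
        if not section.getboolean("enabled", fallback=True):
            continue  # disabled repos are not used for installs
        # A per-repo gpgcheck value overrides the one in [main].
        if not section.getboolean("gpgcheck", fallback=default):
            flagged.append(repo_id)
    return flagged

if __name__ == "__main__":
    print(unsigned_repos(SAMPLE_DNF_CONF, SAMPLE_REPOS))
```

On a real template the two arguments would be the contents of /etc/dnf/dnf.conf and of each file under /etc/yum.repos.d/.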