Hello,
> That was it! Many thanks. May I suggest that, as a value-add feature,
> the Red Hat GPG public key get installed along with the GPG package?
Well - the point of the signatures is that you get the
public key in some other (secure) way than the signed things.
You need to trust the media you are installing the
key from - this might be the case for an official
RedHat CD, but not for the zillions of RH and
RH-like distributions available from other
vendors/distributors.
I am also advising against an automagical installation.
The act of installing a public key must be an explicit
action of the user and if the installer allows it,
it should explain the situation and explicitly
ask for it.
Regards
--
Stano
--
To unsubscribe:
mail -s unsubscribe [EMAIL PROTECTED] < /dev/null
