View Issue Details

IDProjectCategoryView StatusLast Update
0004944CentOS-6Otherpublic2011-07-10 19:29
Reporterjroysdon 
PrioritynormalSeverityminorReproducibilityalways
Status newResolutionopen 
Product Version 
Target VersionFixed in Version 
Summary0004944: Website does not show how to use GPG key to verify Checksum files
DescriptionThe website for how to burn an ISO doesn't show all the steps required to successfully verify the authenticity of the ISO: https://www.centos.org/docs/4/html/CD_burning_howto.html#AEN31

The Checksum .ASC file signatures should be verified by the published release GPG key.

The Fedora Project lists these steps:
https://fedoraproject.org/verify

Additionally, the GPG key should really by published with some additional trust method. One method to do this is to make the GPG key available via the SSL version of www.centos.org.
TagsNo tags attached.

Activities

jroysdon

jroysdon

2011-07-10 19:27

reporter   ~0012925

Sorry for the old link. C5 has this as well:
https://www.centos.org/docs/6/html/CD_burning_howto.html

Really what should be done is creating a release-agnostic page showing how to verify and burn any CentOS release.
jroysdon

jroysdon

2011-07-10 19:29

reporter   ~0012926

Ah, I see there is a version-generic FAQ page. This could be updated: https://www.centos.org/modules/smartfaq/faq.php?faqid=46

Issue History

Date Modified Username Field Change
2011-07-10 18:49 jroysdon New Issue
2011-07-10 19:27 jroysdon Note Added: 0012925
2011-07-10 19:29 jroysdon Note Added: 0012926