View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0004944||CentOS-6||Other||public||2011-07-10 18:49||2011-07-10 19:29|
|Target Version||Fixed in Version|
|Summary||0004944: Website does not show how to use GPG key to verify Checksum files|
|Description||The website for how to burn an ISO doesn't show all the steps required to successfully verify the authenticity of the ISO: https://www.centos.org/docs/4/html/CD_burning_howto.html#AEN31|
The Checksum .ASC file signatures should be verified by the published release GPG key.
The Fedora Project lists these steps:
Additionally, the GPG key should really by published with some additional trust method. One method to do this is to make the GPG key available via the SSL version of www.centos.org.
|Tags||No tags attached.|
Sorry for the old link. C5 has this as well:
Really what should be done is creating a release-agnostic page showing how to verify and burn any CentOS release.
|Ah, I see there is a version-generic FAQ page. This could be updated: https://www.centos.org/modules/smartfaq/faq.php?faqid=46|