Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Why RpmFusion is installed if no key is installed

I have a freshly new Fedora 23 installed on Virtual Box. I applied the latest updates available (sudo dnf update). Then I applied the following commands (described on RpmFusion website): The packages are installed without any problem but why because I don't have the keys from RpmFusion ? I thing this is a security issue because there is no verification of the key with the one installed on system. In this manner anyone can repackage anything with any signature and the package will be installed without any security check.

[user@localhost ~]$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm' Password: Last metadata expiration check: 1:26:02 ago on Mon Mar 28 20:51:56 2016.

Dependencies resolved.

Package Arch Version Repository Size

Installing: rpmfusion-free-release noarch 23-0.1 @commandline 19 k rpmfusion-nonfree-release noarch 23-0.1 @commandline 19 k

Transaction Summary

Install 2 Packages

Total size: 39 k Installed size: 20 k Is this ok [y/N]: y Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Installing : rpmfusion-free-release-23-0.1.noarch 1/2 Installing : rpmfusion-nonfree-release-23-0.1.noarch 2/2 warning: rpmfusion-nonfree-release-23-0.1.noarch: Header V4 RSA/SHA1 Signature, key ID 5ca6c469: NOKEY Verifying : rpmfusion-nonfree-release-23-0.1.noarch 1/2 Verifying : rpmfusion-free-release-23-0.1.noarch 2/2

Installed: rpmfusion-free-release.noarch 23-0.1 rpmfusion-nonfree-release.noarch 23-0.1

Complete! [user@localhost ~]$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm' Password: RPM Fusion for Fedora 23 - Nonfree 590 kB/s | 218 kB 00:00
RPM Fusion for Fedora 23 - Free 719 kB/s | 738 kB 00:01
RPM Fusion for Fedora 23 - Free - Test Updates 643 kB/s | 328 kB 00:00
RPM Fusion for Fedora 23 - Nonfree - Test Updat 363 kB/s | 104 kB 00:00
Last metadata expiration check: 0:00:00 ago on Mon Mar 28 22:19:23 2016. Package rpmfusion-nonfree-release-23-0.1.noarch is already installed, skipping. Package rpmfusion-free-release-23-0.1.noarch is already installed, skipping. Dependencies resolved. Nothing to do. Complete! [user@localhost ~]$

Why RpmFusion is installed if no key is installedinstalled ?

I have a freshly new Fedora 23 installed on Virtual Box. I applied the latest updates available (sudo dnf update). Then I applied the following commands (described on RpmFusion website):
The packages are installed without any problem but why ? because I don't have the keys from RpmFusion ? RpmFusion. I thing this is a security issue because there is no verification of the key with the one installed on system. In this manner anyone can repackage anything with any signature and the package will be installed without any security check.

check. [user@localhost ~]$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm' Password: Last metadata expiration check: 1:26:02 ago on Mon Mar 28 20:51:56 2016.

2016. Dependencies resolved.

resolved. ================================================================================ Package Arch Version Repository Size

Size ================================================================================ Installing: rpmfusion-free-release noarch 23-0.1 @commandline 19 k rpmfusion-nonfree-release noarch 23-0.1 @commandline 19 k

k Transaction Summary

Summary ================================================================================ Install 2 Packages

Packages Total size: 39 k Installed size: 20 k Is this ok [y/N]: y Downloading Packages: Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. Running transaction Installing : rpmfusion-free-release-23-0.1.noarch 1/2 Installing : rpmfusion-nonfree-release-23-0.1.noarch 2/2 warning: rpmfusion-nonfree-release-23-0.1.noarch: Header V4 RSA/SHA1 Signature, key ID 5ca6c469: NOKEY Verifying : rpmfusion-nonfree-release-23-0.1.noarch 1/2 Verifying : rpmfusion-free-release-23-0.1.noarch 2/2

Installed: rpmfusion-free-release.noarch 23-0.1 rpmfusion-nonfree-release.noarch 23-0.1

Complete! [user@localhost ~]$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm' Password: RPM Fusion for Fedora 23 - Nonfree 590 kB/s | 218 kB 00:00
RPM Fusion for Fedora 23 - Free 719 kB/s | 738 kB 00:01
RPM Fusion for Fedora 23 - Free - Test Updates 643 kB/s | 328 kB 00:00
RPM Fusion for Fedora 23 - Nonfree - Test Updat 363 kB/s | 104 kB 00:00
Last metadata expiration check: 0:00:00 ago on Mon Mar 28 22:19:23 2016. Package rpmfusion-nonfree-release-23-0.1.noarch is already installed, skipping. Package rpmfusion-free-release-23-0.1.noarch is already installed, skipping. Dependencies resolved. Nothing to do. Complete! [user@localhost ~]$

~]$
click to hide/show revision 3
No.3 Revision

Why RpmFusion is installed if no key is installed ?

I have a freshly new Fedora 23 installed on Virtual Box. I applied the latest updates available (sudo dnf update). Then I applied the following commands (described on RpmFusion website): The packages are installed without any problem but why ? because I don't have the keys from RpmFusion. I thing this is a security issue because there is no verification of the key with the one installed on system. In this manner anyone can repackage anything with any signature and the package will be installed without any security check. check.

[user@localhost ~]$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm'
Password: 
Last metadata expiration check: 1:26:02 ago on Mon Mar 28 20:51:56 2016.
Dependencies resolved.
================================================================================
 Package                        Arch        Version     Repository         Size
================================================================================
Installing:
 rpmfusion-free-release         noarch      23-0.1      @commandline       19 k
 rpmfusion-nonfree-release      noarch      23-0.1      @commandline       19 k

Transaction Summary
================================================================================
Install  2 Packages

Total size: 39 k
Installed size: 20 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : rpmfusion-free-release-23-0.1.noarch                        1/2 
  Installing  : rpmfusion-nonfree-release-23-0.1.noarch                     2/2 
warning: rpmfusion-nonfree-release-23-0.1.noarch: Header V4 RSA/SHA1 Signature, key ID 5ca6c469: NOKEY
  Verifying   : rpmfusion-nonfree-release-23-0.1.noarch                     1/2 
  Verifying   : rpmfusion-free-release-23-0.1.noarch                        2/2 

Installed:
  rpmfusion-free-release.noarch 23-0.1  rpmfusion-nonfree-release.noarch 23-0.1 

Complete!
[user@localhost ~]$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm'
Password: 
RPM Fusion for Fedora 23 - Nonfree              590 kB/s | 218 kB     00:00    
RPM Fusion for Fedora 23 - Free                 719 kB/s | 738 kB     00:01    
RPM Fusion for Fedora 23 - Free - Test Updates  643 kB/s | 328 kB     00:00    
RPM Fusion for Fedora 23 - Nonfree - Test Updat 363 kB/s | 104 kB     00:00    
Last metadata expiration check: 0:00:00 ago on Mon Mar 28 22:19:23 2016.
Package rpmfusion-nonfree-release-23-0.1.noarch is already installed, skipping.
Package rpmfusion-free-release-23-0.1.noarch is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!
[user@localhost ~]$
click to hide/show revision 4
No.4 Revision

Why RpmFusion is installed if no key is installed ?

I have a freshly new Fedora 23 installed on Virtual Box. I applied the latest updates available (sudo dnf update). Then I applied the following commands (described on RpmFusion website): The packages are installed without any problem but why ? because I don't have the keys from RpmFusion. I thing this is a security issue because there is no verification of the key with the one installed on system. In this manner anyone can repackage anything with any signature and the package will be installed without any security check.

[user@localhost ~]$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm'
Password: 
Last metadata expiration check: 1:26:02 ago on Mon Mar 28 20:51:56 2016.
Dependencies resolved.
================================================================================
 Package                        Arch        Version     Repository         Size
================================================================================
Installing:
 rpmfusion-free-release         noarch      23-0.1      @commandline       19 k
 rpmfusion-nonfree-release      noarch      23-0.1      @commandline       19 k

Transaction Summary
================================================================================
Install  2 Packages

Total size: 39 k
Installed size: 20 k
Is this ok [y/N]: y
Downloading Packages:
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Installing  : rpmfusion-free-release-23-0.1.noarch                        1/2 
  Installing  : rpmfusion-nonfree-release-23-0.1.noarch                     2/2 
warning: rpmfusion-nonfree-release-23-0.1.noarch: Header V4 RSA/SHA1 Signature, key ID 5ca6c469: NOKEY
  Verifying   : rpmfusion-nonfree-release-23-0.1.noarch                     1/2 
  Verifying   : rpmfusion-free-release-23-0.1.noarch                        2/2 

Installed:
  rpmfusion-free-release.noarch 23-0.1  rpmfusion-nonfree-release.noarch 23-0.1 

Complete!
[user@localhost ~]$ su -c 'dnf install http://download1.rpmfusion.org/free/fedora/rpmfusion-free-release-$(rpm -E %fedora).noarch.rpm http://download1.rpmfusion.org/nonfree/fedora/rpmfusion-nonfree-release-$(rpm -E %fedora).noarch.rpm'
Password: 
RPM Fusion for Fedora 23 - Nonfree              590 kB/s | 218 kB     00:00    
RPM Fusion for Fedora 23 - Free                 719 kB/s | 738 kB     00:01    
RPM Fusion for Fedora 23 - Free - Test Updates  643 kB/s | 328 kB     00:00    
RPM Fusion for Fedora 23 - Nonfree - Test Updat 363 kB/s | 104 kB     00:00    
Last metadata expiration check: 0:00:00 ago on Mon Mar 28 22:19:23 2016.
Package rpmfusion-nonfree-release-23-0.1.noarch is already installed, skipping.
Package rpmfusion-free-release-23-0.1.noarch is already installed, skipping.
Dependencies resolved.
Nothing to do.
Complete!
[user@localhost ~]$