Ticket #982 (closed task: fixed)
Fedup does not verify source. Treat https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=877623 as a Fedora 18 blocker
|Reported by:||sundaram||Owned by:|
Fedup does not verify source. This wasn't a critical issue while Anaconda based media upgrades were still supported but Anaconda has completed removed all upgrade functionality entirely and delegated it to fedup which does not provide a secure method to perform the upgrade leaving Fedora 18 as a release which has no supported and secure upgrade path.
It is true that preupgrade (https://bugzilla.redhat.com/show_bug.cgi?id=509338) nor anaconda itself (https://bugzilla.redhat.com/show_bug.cgi?id=998) has verified the source and it has been argued that Fedup not doing it isn't a regression. While technically correct, the lack of media/ISO based upgrade *is* a regression and has a unaccepted side effect
Mark 877623 as a release blocker and make sure this is fixed before we release Fedora 18. Alternatively support ISO based upgrade. I am not sure why Fedora QA didn't do so.
yum does provide a secure method of upgrading to Fedora 18 however Fedora has deemed it unsupported and that means we cannot recommend it to new users.