Whom should I put my trust?

Chris Kloiber ckloiber at redhat.com
Tue Nov 25 06:06:15 UTC 2003


On Tue, 2003-11-25 at 05:12, Timothy Ha wrote:
> Thank you!
> 
> I still have some questions (not doubts): With thrilling stories like 
> someone break into Linux kernel source, how do you guarant the quality 
> of the repositories? Security updates, system tools and so on are there.
> 
> Will Redhat be some guarantee to all these things?

Not necessarily, but... 

The packages are all signed with GPG if they are officially part of the
Fedora project. Your up2date/apt/yum should be configured to check these
signatures before installing anything, and to scream "bloody-blue
murder" if they are not correctly signed. 

You should be able to find the official keys and and explanation of
their uses here:

http://fedora.redhat.com/about/security/

-- 
Chris Kloiber
Red Hat, Inc.





More information about the fedora-list mailing list