Whom should I put my trust?
Chris Kloiber
ckloiber at redhat.com
Tue Nov 25 06:06:15 UTC 2003
On Tue, 2003-11-25 at 05:12, Timothy Ha wrote:
> Thank you!
>
> I still have some questions (not doubts): With thrilling stories like
> someone break into Linux kernel source, how do you guarant the quality
> of the repositories? Security updates, system tools and so on are there.
>
> Will Redhat be some guarantee to all these things?
Not necessarily, but...
The packages are all signed with GPG if they are officially part of the
Fedora project. Your up2date/apt/yum should be configured to check these
signatures before installing anything, and to scream "bloody-blue
murder" if they are not correctly signed.
You should be able to find the official keys and and explanation of
their uses here:
http://fedora.redhat.com/about/security/
--
Chris Kloiber
Red Hat, Inc.
More information about the fedora-list
mailing list