Up2date and SysAdmin auth.

Stanley Allely eod76 at axint.net
Tue Aug 10 10:58:21 UTC 2004


>
>
>William Hooper wrote:
>The RPMs are signed with the Fedora GPG key.  If you choose to configure your system to not check it, then you might have a problem.
> 
>  
>
>>So the weak points in the update process are:
>>
>>
>>1. repository compromise
>>2. session hijacking
>>3. packet injection/spoofing
>>    
>>
>
>All fixed by configuring up2date and/or yum to verify GPG signatures.
>
>  
>
Does the default up2date verify the signatures or do I need to do some 
tweaking?  If so, what do I do?
Thanks Stan





More information about the fedora-list mailing list