Up2date and SysAdmin auth.
Stanley Allely
eod76 at axint.net
Tue Aug 10 10:58:21 UTC 2004
>
>
>William Hooper wrote:
>The RPMs are signed with the Fedora GPG key. If you choose to configure your system to not check it, then you might have a problem.
>
>
>
>>So the weak points in the update process are:
>>
>>
>>1. repository compromise
>>2. session hijacking
>>3. packet injection/spoofing
>>
>>
>
>All fixed by configuring up2date and/or yum to verify GPG signatures.
>
>
>
Does the default up2date verify the signatures or do I need to do some
tweaking? If so, what do I do?
Thanks Stan
More information about the fedora-list
mailing list