Yum is great, but do you trust them?
Joel Jaeggli
joelja at darkwing.uoregon.edu
Tue Feb 10 22:24:28 UTC 2004
in /usr/share/rhn are two files...
RPM-GPG-KEY-fedora
RPM-GPG-KEY-fedora-test
doing an:
rpm --import RPM-GPG-KEY-fedora
will import the fedora public key into rpm's keyring... the other is used
to sign the packages in the testing dir.
then add:
gpgcheck=1
to the server sections of your yum.conf
then you can:
yum update
without fear of bogus packages...
for third party packages and repositories like atrpms dag or freshrpms
there are generally more public keys you can add to validate those
packages as well...
On Tue, 10 Feb 2004, Dan Stoner wrote:
> Joel Jaeggli wrote:
>
> > place the pgp keys for the signers in your keyring then require pgp keys
> > for the repositories. then packages whose signatures can't be trusted or
>
> How do I place the pgp keys into my keyring?
>
> My google search returned way to much information.
>
> Thanks!
>
> -Dan
>
>
>
--
--------------------------------------------------------------------------
Joel Jaeggli Unix Consulting joelja at darkwing.uoregon.edu
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
More information about the fedora-list
mailing list