Valid GPG Sig's on update
Tom Needs a Hat Mitchell
mitch48 at sbcglobal.net
Tue Mar 16 00:32:52 UTC 2004
On Mon, Mar 15, 2004 at 03:55:51PM -0800, Jay Scherrer wrote:
> Can we trust the files with corrupted GPG sig's while using up2date?
> I've succesfully installed Fedora core 1, but when I try the up2date manager,
> I get notices that the GPG sig has been tampered with or that it has been
> corrupted. Can we trust the connection?
If you look at the package, it is most likely short, is a HTML error message
or something broken.
So, 99% do not trust.... Give the server 20+your_age min to finish
with someone else and retry.
You can always use the verify options of rpm to check the download.
Do search the archives for ways to be sure that your GPG keys are
current.
--
T o m M i t c h e l l
/dev/null the ultimate in secure storage.
More information about the fedora-list
mailing list