Up2date
Alexander Dalloz
alexander.dalloz at uni-bielefeld.de
Fri Oct 1 00:00:16 UTC 2004
Am Fr, den 01.10.2004 schrieb TongKe Xue um 1:18:
> 1) What is RedHat's GPG key? Up2date said it was going to "install the
> key" but didn't say what the key was.
http://www.fedorafaq.org/#gpgsig
> 2) How can I ensure that the packages I download are from
> RedHat/Fedora and not spoofed/trojaned? (By the man in middle attack)
This is the intend of the GPG signing and md5sum. You can run
rpm -Kv packagename-version.arch.rpm
and check the output.
rpm or the "frontends" up2date or yum handle the signature and checksum
checking automatically.
> --TongKe
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp
Serendipity 01:57:46 up 1 day, 4:23, load average: 1.16, 0.73, 0.69
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
URL: <http://listman.redhat.com/archives/fedora-list/attachments/20041001/bf447f73/attachment-0001.sig>
More information about the fedora-list
mailing list