On Sun, 2004-10-24 at 22:15 -0500, Ian Pilcher wrote:
AMAZING POWERS OF OBSERVATION wrote:
> Official messages from the Red Hat security team are never sent
> unsolicited, are always sent from the address
> secalert(a)redhat.com, and are digitally signed by GPG. All
> official updates for Red Hat products are digitally signed and
> should not be installed unless they are correctly signed and the
> signature is verified..."
Too bad rawhide updates often *are* unsigned.
Which is chiefly why you're supposed to keep it off critical systems..
that and the not-so-rare its-completely-borked-again occurrences. It
would certainly be nice to have them all come signed however.
--
Andrew Farris (lordmorgul) <andrew(a)andrewfarris.com>
- CPE student, Cal Poly SLO, pgp keyid 4430F405
pgp.mit.edu
"..the triumph of evil is for good men to do nothing." (Edmond Burke)