Am Fr, den 01.10.2004 schrieb TongKe Xue um 1:18:
1) What is RedHat's GPG key? Up2date said it was going to
"install the
key" but didn't say what the key was.
http://www.fedorafaq.org/#gpgsig
2) How can I ensure that the packages I download are from
RedHat/Fedora and not spoofed/trojaned? (By the man in middle attack)
This is the intend of the GPG signing and md5sum. You can run
rpm -Kv packagename-version.arch.rpm
and check the output.
rpm or the "frontends" up2date or yum handle the signature and checksum
checking automatically.
--TongKe
Alexander
--
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp
Serendipity 01:57:46 up 1 day, 4:23, load average: 1.16, 0.73, 0.69