Dan Stoner said: > Hi, > > I think yum is a great tool for easing the install and update of > packages. However, I'm a little concerned about the security of getting > patches this way, especially with the recommendations of changing the > yum.conf to include servers that are "closer." That's why the packages are GPG signed. If you don't trust the Fedora Project's GPG key... then why did you install the distro :-) Anyone know if gpgcheck is defaulted to 1 or do you have to specify it? [snip] > After installing Fedora Core 1 and running yum update, some of the > package updates display "MD5 digest: BAD". Apparently, these packages > did not have the expected checksums. I believe they installed anyway. I think you should check. I think you will find either they were: redownloaded and the next download wasn't corrupted or not installed. > My initial response was to freak out about this, but some other linux > jockies I spoke with said "no, that's normal, I see that all the time.". This is because they are not smart enough to use mirrors. The extra load on the main mirror is what causes some of these corrupt downloads in the first place. -- William Hooper