Re: Yum is great, but do you trust them?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2004-02-10 at 14:30 -0500, Harry Hoffman wrote:
> It is hoped that the mirrors are only copies! They could be forged, altered, or
> otherwise changed. Trusting a mirror is like trusting a friend's friend without
> actually knowing either friend to start with. Trust is better served with things
> that can't be proved easily (like the universe imploding upon itself tomorrow).
> And that is more along the lines of hope anyway. :-)
> Not to say that mirrors shouldn't be used, just something to think about.

    Nah, as usual, the 'gods' among us were looking out for us. 

    When a mirror is set up, there is a chance that someone sneaked a
modified sendmail rpm, causing it to send spam.  Problem is, the
checksum has to be the same as the original one on the main site, then
the checksums wouldn't match...just like if the file were mangled along
the way for some reason.

    And during packaging, in order to fake it, he'd have to have the
_private_ key to make this all work out.

    So, no- turn on the gpgcheck, get the keys, and enjoy.
-- 
------------------------------------------------------------------------
Brian FahrlÃnder                 Researcher, Conservative, and Technomad
Evansville, IN                                     http://Fahrlander.net
ICQ  5119262
------------------------------------------------------------------------

Attachment: signature.asc
Description: This is a digitally signed message part


[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux