On Tue, 2004-02-10 at 14:30 -0500, Harry Hoffman wrote:
> It is hoped that the mirrors are only copies! They could be forged, altered, or
> otherwise changed. Trusting a mirror is like trusting a friend's friend without
> actually knowing either friend to start with. Trust is better served with things
> that can't be proved easily (like the universe imploding upon itself tomorrow).
> And that is more along the lines of hope anyway. :-)
> Not to say that mirrors shouldn't be used, just something to think about.
Nah, as usual, the 'gods' among us were looking out for us.
When a mirror is set up, there is a chance that someone sneaked a
modified sendmail rpm, causing it to send spam. Problem is, the
checksum has to be the same as the original one on the main site, then
the checksums wouldn't match...just like if the file were mangled along
the way for some reason.
And during packaging, in order to fake it, he'd have to have the
_private_ key to make this all work out.
So, no- turn on the gpgcheck, get the keys, and enjoy.
--
------------------------------------------------------------------------
Brian FahrlÃnder Researcher, Conservative, and Technomad
Evansville, IN http://Fahrlander.net
ICQ 5119262
------------------------------------------------------------------------
Attachment:
signature.asc
Description: This is a digitally signed message part
