Re: Yum is great, but do you trust them?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



in /usr/share/rhn are two files...

RPM-GPG-KEY-fedora
RPM-GPG-KEY-fedora-test

doing an:

rpm --import RPM-GPG-KEY-fedora

will import the fedora public key into rpm's keyring... the other is used 
to sign the packages in the testing dir.

then add:

gpgcheck=1

to the server sections of your yum.conf

then you can: 

yum update 

without fear of bogus packages...

for third party packages and repositories like atrpms dag or freshrpms 
there are generally more public keys you can add to validate those 
packages as well...



On Tue, 10 Feb 2004, Dan Stoner wrote:

> Joel Jaeggli wrote:
> 
> > place the pgp keys for the signers in your keyring then require pgp keys 
> > for the repositories. then packages whose signatures can't be trusted or 
> 
> How do I place the pgp keys into my keyring?
> 
> My google search returned way to much information.
> 
> Thanks!
> 
> -Dan
> 
> 
> 

-- 
-------------------------------------------------------------------------- 
Joel Jaeggli  	       Unix Consulting 	       joelja@xxxxxxxxxxxxxxxxxxxx    
GPG Key Fingerprint:     5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2





[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux