in /usr/share/rhn are two files... RPM-GPG-KEY-fedora RPM-GPG-KEY-fedora-test doing an: rpm --import RPM-GPG-KEY-fedora will import the fedora public key into rpm's keyring... the other is used to sign the packages in the testing dir. then add: gpgcheck=1 to the server sections of your yum.conf then you can: yum update without fear of bogus packages... for third party packages and repositories like atrpms dag or freshrpms there are generally more public keys you can add to validate those packages as well... On Tue, 10 Feb 2004, Dan Stoner wrote: > Joel Jaeggli wrote: > > > place the pgp keys for the signers in your keyring then require pgp keys > > for the repositories. then packages whose signatures can't be trusted or > > How do I place the pgp keys into my keyring? > > My google search returned way to much information. > > Thanks! > > -Dan > > > -- -------------------------------------------------------------------------- Joel Jaeggli Unix Consulting joelja@xxxxxxxxxxxxxxxxxxxx GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2