William Hooper wrote:
Stanley Allely said:Thanks to the previous responses I finally knew what to go looking for and I found info on gpg, plenty of peace of mind from those 3 letters being in the default update system. Thanks for the info on the tweak, too. Your answer got me started on a knowledge quest that took me to a half dozen Linux security sites (and brain overload), unSpawn at the Linux Security forum on linuxquestions.org has a great reference list.
[snip]
Does the default up2date verify the signatures...
[snip]
Yes.
# grep -i gpg /etc/sysconfig/rhn/up2date useGPG[comment]=Use GPG to verify package integrity useGPG=1 gpgKeyRing[comment]=The location of the gpg keyring to use for package checking gpgKeyRing=/etc/sysconfig/rhn/up2date-keyring.gpg
Thanks, Stan
