billg wrote:
Frankly, too, I was concerned about the integrity of files I might pull down from unknown mirrors. Plenty of people seem to be mirroring files, but how do I know that their files are copies of the "official" files and not their own homebrew versions?
You check the signatures.
If you trust that the CD images you downloaded aren't tampered with, you have all you need. Install GnuPG from CD if it isn't installed already, and import Redhat's keys from the RPM-GPG-KEY files into RPM. Then turn on signature checking in Yum and Up2date.
Björn Persson
