Am Fr, den 01.10.2004 schrieb TongKe Xue um 1:18: > 1) What is RedHat's GPG key? Up2date said it was going to "install the > key" but didn't say what the key was. http://www.fedorafaq.org/#gpgsig > 2) How can I ensure that the packages I download are from > RedHat/Fedora and not spoofed/trojaned? (By the man in middle attack) This is the intend of the GPG signing and md5sum. You can run rpm -Kv packagename-version.arch.rpm and check the output. rpm or the "frontends" up2date or yum handle the signature and checksum checking automatically. > --TongKe Alexander -- Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13 Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.8-1.521smp Serendipity 01:57:46 up 1 day, 4:23, load average: 1.16, 0.73, 0.69
Attachment:
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil
