> Does the message "MD5 Signature check failed" mean just that the package > checksum is not correct, or that the package is not correctly digitally > signed? it means that the python equiv of rpm -K failed on the md5 checksum. > If the latter, then I think that using the suggested command is a really > bad idea, as this will *bypass* this signature checking; if the package > has been trojaned, the above will happily install the trojan. Why would it install the package? rpm -V should check it and -p means check it in a file. I admit rpm -K is easier, but I'm not sure why the other is dangerous. > Just because I'm paranoid doesn't mean they're not out to get me.... oh they're out to get you, I asked. They said 'yep, out to get him' :) -sv
