Hello,
rpm now verifies the digital signatures of packages. And that is good!
However, rpm also considers as a simple and valid signature md5 (when
gpg/pgp signature is not present). And that is not so good :|
My question is (well, that's two but it's for the smae thing):
How do I configure rpm to do only consider gpg signatures when
checking, without having to add --nomd5 to the command line? Is there
something I can add to /etc/rpm/ that can set this by default?
Yours, Rui
--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
Attachment:
signature.asc
Description: This is a digitally signed message part
