Price Technology said: > I just last night finished reading the Security Guide and it mentions that > up2date does an integrity check on rpm's that it downloads and installs. > > I'm wondering, because it wasn't specific, if the same integrity checks > are > performed if the rpm's are downloaded via ftp into the up2date directory > and > up2date is then run. > > Anybody know this one ?? > > Joebewan up2date uses Red Hat's gpg keys to verify the packages. From the rpm man page: "Note that signatures are now verified whenever a package is read..." You could test this by deliberately corrupting a package and watch up2date give you the error that the signature isn't correct. -- William Hooper
