On Sunday 06 July 2003 11:48, William Hooper wrote:
> Price Technology said:
> > I just last night finished reading the Security Guide and it mentions
> > that up2date does an integrity check on rpm's that it downloads and
> > installs.
> >
> > I'm wondering, because it wasn't specific, if the same integrity checks
> > are performed if the rpm's are downloaded via ftp into the up2date
> > directory and up2date is then run.
> >
> > Anybody know this one ??
> >
> > Joebewan
>
> up2date uses Red Hat's gpg keys to verify the packages.  From the rpm man
> page:
> "Note that signatures are now verified whenever a package is
> read..."

So it's rpm that does the integrity check. That's the way I read it, but wanted a second opinion.

> You could test this by deliberately corrupting a package and watch up2date
> give you the error that the signature isn't correct.

Thought about that. I just might.

Thanks for the input.

Joebewan
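
The corruption test suggested in the thread, as an added example that is not part of the original messages: it reads the MD5 digest (signature tag 1004) stored in an RPM's signature header and compares it with the bytes that follow, then shows the check failing after one byte is flipped. The sample file is constructed inline (a zeroed lead and a stand-in body, not a real package), and the helper names are hypothetical. This covers only the digest; the GPG signature check against imported keys is what `rpm --checksig` performs.

```python
import hashlib
import struct

LEAD_SIZE = 96                      # fixed-size RPM lead
LEAD_MAGIC = b"\xed\xab\xee\xdb"
HDR_MAGIC = b"\x8e\xad\xe8\x01"     # header-structure magic plus version byte
SIGTAG_MD5 = 1004                   # MD5 over main header + payload


def md5_matches(rpm: bytes) -> bool:
    """True if the MD5 in the signature header matches header + payload."""
    if rpm[:4] != LEAD_MAGIC:
        raise ValueError("not an RPM lead")
    sig = LEAD_SIZE
    if rpm[sig:sig + 4] != HDR_MAGIC:
        raise ValueError("signature header missing")
    nindex, hsize = struct.unpack(">II", rpm[sig + 8:sig + 16])
    index = sig + 16                # 16-byte index entries start here
    store = index + 16 * nindex     # data store follows the index
    stored = None
    for i in range(nindex):
        entry = rpm[index + 16 * i:index + 16 * (i + 1)]
        tag, _type, offset, count = struct.unpack(">IIII", entry)
        if tag == SIGTAG_MD5:
            stored = rpm[store + offset:store + offset + count]
    if stored is None:
        raise ValueError("no MD5 tag in signature header")
    end = store + hsize
    end += -end % 8                 # signature header is padded to 8 bytes
    return hashlib.md5(rpm[end:]).digest() == stored


def build_sample(body: bytes) -> bytes:
    """Constructed stand-in: lead + signature header (one MD5 entry) + body."""
    lead = LEAD_MAGIC + bytes(LEAD_SIZE - 4)
    digest = hashlib.md5(body).digest()
    entry = struct.pack(">IIII", SIGTAG_MD5, 7, 0, 16)   # type 7 = binary
    sig = HDR_MAGIC + bytes(4) + struct.pack(">II", 1, 16) + entry + digest
    return lead + sig + body


def flip_byte(data: bytes, offset: int) -> bytes:
    """Return a copy of data with one byte inverted, simulating corruption."""
    return data[:offset] + bytes([data[offset] ^ 0xFF]) + data[offset + 1:]


if __name__ == "__main__":
    good = build_sample(b"constructed main header and payload bytes")
    print(md5_matches(good), md5_matches(flip_byte(good, len(good) - 1)))
```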