Hello!

I have a question about the security of installed package metadata. The idea is to use rpm -V for a security audit, and I need to understand whether the file checksums in the rpm database can be trusted. I don't know exactly what metadata is signed inside the package, or whether this signature is stored after package installation. If the database keeps only unsigned checksums, they can be altered, and rpm -V cannot be considered suitable for our purposes.

--
Regards,
Dmitry Mikhirev
_______________________________________________ Rpm-list mailing list Rpm-list@xxxxxxxxxxxxx http://lists.rpm.org/mailman/listinfo/rpm-list