[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[no subject]
- <!--x-content-type: text/plain -->
- <!--x-date: Fri Jun 18 17:05:00 2004 -->
- <!--x-from-r13: wxvaarl ng ybpnyargfbyhgvbaf.pbz (Xnzrf B. Yvaarl WWW) -->
- <!--x-message-id: [email protected] -->
- <!--x-reference: [email protected] -->
- <!--x-reference: [email protected] --> "http://www.w3.org/TR/html4/loose.dtd">
- <!--x-subject: [ale] Safe apt-get repositoris -->
- <li><em>date</em>: Fri Jun 18 17:05:00 2004</li>
- <li><em>from</em>: jkinney at localnetsolutions.com (James P. Kinney III)</li>
- <li><em>in-reply-to</em>: <<a href="msg00435.html">[email protected]</a>></li>
- <li><em>references</em>: <<a href="msg00432.html">[email protected]</a>> <<a href="msg00435.html">[email protected]</a>></li>
- <li><em>subject</em>: [ale] Safe apt-get repositoris</li>
RedHat ships their key with their CD's. It is installed by default now
that rpm defaults to checking GPG signatures. **Note** If the package
_has_no_signature_ rpm will install it anyway with the "No GPG
Signature" notice. Bad idea. What one MUST do is run rpm --verify
foo.rpm on every package before installation. It is required to get the
developer keys and install them on the keyring. As the GPG signature
happens during the build process, it is a good method of verifying that
the binaries came from where they claim their origin to be.
>
> > What are they for SuSE?
>
> > Do people stray, when using Debian or Gentoo, to repositories outside of
> > the normal distribution channels for packages not in the main Gentoo/Debian
> > mirrors?
> > Dow
>
> > --
> > __________________________________________________________
> > Dow Hurst Office: 770-499-3428 *
> > Systems Support Specialist Fax: 770-423-6744 *
> > 1000 Chastain Rd. Bldg. 12 *
> > Chemistry Department SC428 Email: dhurst at kennesaw.edu *
> > Kennesaw State University Dow.Hurst at mindspring.com *
> > Kennesaw, GA 30144 *
> > ************************************************************
>
> Bob Toxen
> bob at verysecurelinux.com [Please use for email to me]
> <a rel="nofollow" href="http://www.verysecurelinux.com";>http://www.verysecurelinux.com</a> [Network&Linux/Unix security consulting]
> <a rel="nofollow" href="http://www.realworldlinuxsecurity.com";>http://www.realworldlinuxsecurity.com</a> [My book:"Real World Linux Security 2/e"]
> Quality Linux & UNIX security and SysAdmin & software consulting since 1990.
>
> "Microsoft: Unsafe at any clock speed!"
> -- Bob Toxen 10/03/2002
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> <a rel="nofollow" href="http://www.ale.org/mailman/listinfo/ale";>http://www.ale.org/mailman/listinfo/ale</a>
>
> !DSPAM:40d35198205531620619764!
--
James P. Kinney III \Changing the mobile computing world/
CEO & Director of Engineering \ one Linux user /
Local Net Solutions,LLC \ at a time. /
770-493-8244 \.___________________________./
<a rel="nofollow" href="http://www.localnetsolutions.com";>http://www.localnetsolutions.com</a>
GPG ID: 829C6CA7 James P. Kinney III (M.S. Physics)
<jkinney at localnetsolutions.com>
Fingerprint = 3C9E 6366 54FC A3FE BA4D 0659 6190 ADC3 829C 6CA7
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
</pre>
<!--X-Body-of-Message-End-->
<!--X-MsgBody-End-->
<!--X-Follow-Ups-->
<hr>
<!--X-Follow-Ups-End-->
<!--X-References-->
<ul><li><strong>References</strong>:
<ul>
<li><strong><a name="00432" href="msg00432.html">[ale] Safe apt-get repositoris</a></strong>
<ul><li><em>From:</em> dhurst at kennesaw.edu (Dow Hurst)</li></ul></li>
<li><strong><a name="00435" href="msg00435.html">[ale] Safe apt-get repositoris</a></strong>
<ul><li><em>From:</em> bob at verysecurelinux.com (Bob Toxen)</li></ul></li>
</ul></li></ul>
<!--X-References-End-->
<!--X-BotPNI-->
<ul>
<li>Prev by Date:
<strong><a href="msg00436.html">[ale] Safe apt-get repositoris</a></strong>
</li>
<li>Next by Date:
<strong><a href="msg00438.html">[ale] Safe apt-get repositoris</a></strong>
</li>
<li>Previous by thread:
<strong><a href="msg00435.html">[ale] Safe apt-get repositoris</a></strong>
</li>
<li>Next by thread:
<strong><a href="msg00436.html">[ale] Safe apt-get repositoris</a></strong>
</li>
<li>Index(es):
<ul>
<li><a href="maillist.html#00437"><strong>Date</strong></a></li>
<li><a href="threads.html#00437"><strong>Thread</strong></a></li>
</ul>
</li>
</ul>
<!--X-BotPNI-End-->
<!--X-User-Footer-->
<!--X-User-Footer-End-->
</body>
</html>