On 11/13/2017 06:59 PM, Steve Grubb wrote:
...the current rev of OSPP
calls out for auditing of software update integrity checks. It calls out for
integrity checks and for them to be enabled. It calls out for the vendor to
supply SCAP content for the evaluated configuration. So that means we
shouldn't be turning it off.
What are we gaining by enabling repo_gpgcheck in addition to gpgcheck?
--
Paul Arnold, CISSP
Cole Engineering Services, Inc.