Yum is great, but do you trust them?
Dan Stoner
dstoner at flmnh.ufl.edu
Tue Feb 10 18:57:04 UTC 2004
Hi,
I think yum is a great tool for easing the install and update of
packages. However, I'm a little concerned about the security of getting
patches this way, especially with the recommendations of changing the
yum.conf to include servers that are "closer."
Would anyone do this on a server? Would you trust the core repository
more than the mirrors? Am I crazy even for considering Fedora for a
server installation?
After installing Fedora Core 1 and running yum update, some of the
package updates display "MD5 digest: BAD". Apparently, these packages
did not have the expected checksums. I believe they installed anyway.
My initial response was to freak out about this, but some other linux
jockies I spoke with said "no, that's normal, I see that all the time.".
Thanks for your thoughts.
- Dan
More information about the users
mailing list