Yum is great, but do you trust them?

[Dan Stoner]

Hi,

I think yum is a great tool for easing the install and update of
packages.  However, I'm a little concerned about the security of getting
patches this way, especially with the recommendations of changing the
yum.conf to include servers that are "closer."

Would anyone do this on a server?  Would you trust the core repository
more than the mirrors?  Am I crazy even for considering Fedora for a
server installation?


After installing Fedora Core 1 and running yum update, some of the
package updates display "MD5 digest: BAD".  Apparently, these packages 
did not have the expected checksums.  I believe they installed anyway.

My initial response was to freak out about this, but some other linux
jockies I spoke with said "no, that's normal, I see that all the time.".

Thanks for your thoughts.

- Dan