Yum is great, but do you trust them?
Doug Stewart
dstewart at atl.lmco.com
Tue Feb 10 19:02:36 UTC 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Dan Stoner wrote:
| Hi,
|
| I think yum is a great tool for easing the install and update of
| packages. However, I'm a little concerned about the security of getting
| patches this way, especially with the recommendations of changing the
| yum.conf to include servers that are "closer."
|
| Would anyone do this on a server? Would you trust the core repository
| more than the mirrors? Am I crazy even for considering Fedora for a
| server installation?
|
|
| After installing Fedora Core 1 and running yum update, some of the
| package updates display "MD5 digest: BAD". Apparently, these packages
| did not have the expected checksums. I believe they installed anyway.
|
| My initial response was to freak out about this, but some other linux
| jockies I spoke with said "no, that's normal, I see that all the time.".
|
| Thanks for your thoughts.
|
| - Dan
|
|
gpgcheck=1
- --
- ----------
Doug Stewart
Systems Administrator/Web Applications Developer
Lockheed Martin Advanced Technology Labs
Quidquid latine dictum sit, altum viditur
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.1 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFAKSrMN50Q8DVvcvkRAkZjAJ9SUnMcwYNqF1H4HnwcrIeQNWwGNACeMAaW
d/1obJh+28Ng6J/LF+vzT9c=
=DZjR
-----END PGP SIGNATURE-----
More information about the users
mailing list