Yum is great, but do you trust them?

[WipeOut]

Dan Stoner wrote:

> Hi,
>
> I think yum is a great tool for easing the install and update of
> packages.  However, I'm a little concerned about the security of getting
> patches this way, especially with the recommendations of changing the
> yum.conf to include servers that are "closer."
>
> Would anyone do this on a server?  Would you trust the core repository
> more than the mirrors?  Am I crazy even for considering Fedora for a
> server installation?
>
>
> After installing Fedora Core 1 and running yum update, some of the
> package updates display "MD5 digest: BAD".  Apparently, these packages 
> did not have the expected checksums.  I believe they installed anyway.
>
> My initial response was to freak out about this, but some other linux
> jockies I spoke with said "no, that's normal, I see that all the time.".
>
> Thanks for your thoughts.
>
> - Dan
>
>
In my opinion YUM is awesome, it makes life much easier..

The mirrors are copys of the origian repository so I dontsee any reason 
not to trust the mirror any less than the original repository..

As for using FC on servers, I am in the process of doing just that, I 
went off and tried Gentoo, Debian and a number of other distros when RH 
said there would be no more RHL but I cam back to Fedora because it is 
still and awesome OS like RHL before it.. And time will only tell what 
the future versions have to offer..

Also with projects like Fedora Legacy you will be able to run FC1 on 
your server for a reasonable length of time..

Later..