> I would also like to know what these 'PGP' signed rpm's mean. I mean if I
> get an rpm with a few lines of crazy characters beneath it how does it mean
> that it is authentic. I wouldn't be able to tell the difference between such
> a package and one where someone just types in some similar characters and
> claims them to be authentic.

Assuming that you know how PGP works, what happens when you get a PGP-signed
document/file/rpm is that you can verify the source of the document. To do
this you check the signature of the document against the public key of the
person who has signed it. Of course if someone just types in some junk
characters then PGP will give a wrong signature kind of error (I dunno
exactly what it gives, but ....). Red Hat signs all the rpms and also gives
you a copy of their public key with their distributions. Also you could get
the public key of anyone who signs from a trusted source (like the web site of
the company in question or some other third-party agency).


Bye,
      /\ |\/| |3 /\ r
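
Added example, not part of the original message: a shell gate that accepts a package only when `rpm -K` (`--checksig`) reports a signature verified against an imported public key. It assumes the one-line summaries printed by rpm 4.14 and later; the function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Usage (key file path is a placeholder):
#   rpm --import <vendor-public-key-file>
#   verify_rpm package.rpm && rpm -Uvh package.rpm

# classify_checksig LINE -> prints signed-ok | unsigned | bad | unknown
# Assumption: LINE is an rpm >= 4.14 summary such as "<file>: digests signatures OK".
classify_checksig() {
    status=${1#*: }                 # drop the leading "<file>: "
    case "$status" in
        *"NOT OK"*)              echo bad ;;       # digest/signature failed or key not imported
        "digests signatures OK") echo signed-ok ;; # signature checked against an imported key
        "digests OK")            echo unsigned ;;  # intact, but nobody vouches for the source
        *)                       echo unknown ;;   # anything unrecognised is rejected
    esac
}

# verify_rpm FILE -> exit status 0 only when the signature verifies.
verify_rpm() {
    out=$(LC_ALL=C rpm -K "$1" 2>&1)
    verdict=$(classify_checksig "$out")
    echo "$1: $verdict"
    [ "$verdict" = signed-ok ]
}

# Constructed sample lines (not captured from a real system).
demo() {
    for line in \
        "good.rpm: digests signatures OK" \
        "nosig.rpm: digests OK" \
        "tampered.rpm: digests SIGNATURES NOT OK"
    do
        printf '%s -> %s\n' "$line" "$(classify_checksig "$line")"
    done
}

demo
```

Note that an unsigned package still passes its digest checks, so the gate treats "digests OK" alone as a rejection.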


--------------------------------------------------------------------
The mailing list archives are available at 
http://lists.linux-india.org/cgi-bin/linux-delhi
