-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi Gianni,
since the discussion was transferred to this list, I'll close the RT tickets... Best regards, Taki Giannis Stoilis said the following on 04.05.2007 19:21: > Hi, > > I sent this on the lpi-discuss by mistake. Let me know what you think. > > ---------- Forwarded message ---------- > From: Giannis Stoilis <[EMAIL PROTECTED]> > Date: May 4, 2007 3:39 PM > Subject: About objective 1.114.1 > To: [EMAIL PROTECTED] > Cc: "General discussion relating to LPI." <[EMAIL PROTECTED]> > > > Hi, > > I would like some clarification[and perhaps an update] on objective > "1.114.1 Perform security administration tasks". > > One key knowledge area is "Verify packages". Does it mean verifying > BEFORE installing or verifying validity of binaries AFTER > installation? > > For either .deb and .rpm packaging system, the first one requires > installation and configuration of pgp/gpg suite, including importing > the relevant keys on the system. This isn't included by default in any > debian installation, as far as I can see. I am not sure about Fedora > or other rpm based distributions but according to some instructions > about how to import fedora keys I found on the internet, I guess it's > not installed there too. > > Regarding the post-installation verification of packages, Debian > doesn't seem to include native support for verifying binaries. > Actually, including md5sums of binaries inside packages, seems > optional. There is, however utility debsums. > > On .rpm based installations things look better. rpm supports the -V > option to verify the installed binaries of a package against their > md5sums. However, for full usage, that needs gpg/pgp keys too. > > Unless there is an objection about the above, my point is: Should > there be an update on the objective to include basic gpg/pgp key > management? Additionally, could the phrasing of that key knowledge are > be clarified? > > > Regards > - Giannis > _______________________________________________ > lpi-examdev mailing list > [email protected] > http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev - -- Dimitrios Bogiatzoules Product Developer LPIC-2 Linux Professional Institute GnuPG Key ID A7E4D183 http://www.lpi.org [EMAIL PROTECTED] http://www.lpi-german.de -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFGO3HWQUbIQKfk0YMRAqYFAJoDRcQXCGP3NOkZzC4TIg1AdCNTtgCgpQFp 3SQDUL4nPaaizN6Q4J1ll/c= =faDO -----END PGP SIGNATURE----- _______________________________________________ lpi-examdev mailing list [email protected] http://list.lpi.org/cgi-bin/mailman/listinfo/lpi-examdev
