> The risks may be small, but last year the openssh project site (I think > it was openssh) was hacked and a malicious .tar.gz file was substituted > in the download area. It was about a week before anyone noticed. > > To put someones gpg identity on your key ring. Download their public key > which you will find somewhere on their download site and in a root > terminal enter ' gpg --import key_file_name'
The problem is often that the rpm's aren't signed to begin with...
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
