On Wed, 25 May 2005, Timothy Murphy wrote:
> I said that was the correct thing to do.
> Unfortunately, it is often quite difficult to find the key.
It's usually in /usr/share/doc/fedora-release-<ver>/
If you add a 3rd party repository, they should have instructions.
> Are you saying there are hackers going around inserting RPMs with
> bad keys in yum repositories? I never heard of that happening.
Not of yum repositories, but attacking distribution sites to trojan
software in between author and users is a common attack. E.g., Wietse
Venema's tcp_wrappers (?) many years ago, the Linux kernel BKCVS
incident (which was caught because the next BK->CVS export didn't match).
If you can trojan software on a major distribution site, you can
trojan many, many machines. Without signing, no one might ever find
out.
> Unless of course I don't want you to reply ...
Indeed ;).
regards,
--
Paul Jakma paul at clubi.ie paul at jakma.org Key ID: 64A2FF6A
Fortune:
FORTUNE'S FUN FACTS TO KNOW AND TELL: #44
Zebras are colored with dark stripes on a light background.