Should Fedora rpms be signed?
Matias Féliciano
feliciano.matias at free.fr
Tue Oct 26 10:39:27 UTC 2004
Le mardi 26 octobre 2004 à 12:25 +0200, Ralph Angenendt a écrit :
> nodata wrote:
> > A recent scam involving fake updates to Fedora has highlighted the lack of
> > signed RPMs for Fedora Core.
>
> What do you mean?
>
> | [angenenr at localhorst packages]$rpm -K samba-common-3.0.6-2.fc2.i386.rpm
> | samba-common-3.0.6-2.fc2.i386.rpm: (sha1) dsa sha1 md5 gpg OK
>
Only gtk2, gtk2-devel, fedora-release and rpmdb-fedora are not signed
currently (because FC3 finale).
Two weeks ago, there are 600 packages not signed (1 Go).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20041026/74c153b1/attachment.sig>
More information about the fedora-test-list
mailing list