Package integrity

[Björn Persson]

billg wrote:

> Frankly, too, I was concerned about the integrity of
> files I might pull down from unknown mirrors. Plenty of people seem to
> be mirroring files, but how do I know that their files are copies of the
> "official" files and not their own homebrew versions?

You check the signatures.

If you trust that the CD images you downloaded aren't tampered with, you
have all you need. Install GnuPG from CD if it isn't installed already,
and import Redhat's keys from the RPM-GPG-KEY files into RPM. Then turn
on signature checking in Yum and Up2date.

Björn Persson