[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Livna / RPMFusion updates



On Mon, 3 Nov 2008 19:24:56 +0000, mike cloaked wrote:

> Mike <mike.cloaked <at> gmail.com> writes:
> 
> > Doing:
> > less /etc/yum.repos.d/rpmfusion-free-updates.repo
> > shows that gpgcheck is enabled so if any future updates come in then
> > it will check against the keys. Since the rpm that installed to put these
> 
> I guess the key signatures can be checked against those held in the rpm-fusion
> web pages somewhere although at this point I must admit I could not find the
> key signatures anywhere!
> 
> Maybe someone will enlighten me as to where they are so we can check against
> keys in our systems - if we want to be really paranoid!
> 

Have you noticed that the RPM Fusion GPG key as included in Livna's
rpmfusion-*-release packages is signed indirectly with the Livna GPG key
and the RPM package signature? You can run "rpm -Kv" on the downloaded
pkgs to check that manually. Example:

$ rpm -Kv rpmfusion-free-release-8-5.noarch.rpm 
rpmfusion-free-release-8-5.noarch.rpm:
    Header V3 DSA signature: OK, key ID a109b1ec
    Header SHA1 digest: OK (c14f7fdce7a405469ed927933064ab9860e9eb57)
    MD5 digest: OK (bd8e3eb77d44d74316f659ddc3bd861e)
    V3 DSA signature: OK, key ID a109b1ec

 


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]