On Thursday 27 February 2003 12:33, Jennifer Fountain wrote: > I wanted your opinion about retrieving updates from the red hat network > via the rh agent. I absolutely love the fact that Red hat emails you > with updates and the agent (acting like the windows update agent or did > windows steal this from rh:)) can retrieve these updates. However, I am > not sure how "secure" or if I should be concerned about this process. > What is the consensus from everyone? Good tool? Shouldn't use it > because...?
The default settings for up2date/RHN ask it to check against GPG. And it uses a certificate for the HTTPS connection albeit it is RH's own CA. So from an ~architecture~ standpoint it isn't bone-headed. I don't know if the client, rhnd, etc. have been extensively audited or not though. Cheers, -Ali -- OpenPGP Key: 030E44E6 -- Was I helpful?: http://svcs.affero.net/rm.php?r=packetknife -- I consider forced-full-duplex to be a serious issue somewhere between "..and these cars have the brake pedal on the right" and "we decided to put the drinking water in the brown jugs, and the 'other' water in blue". You won't necessarily die right away, but it isn't healthy. -- Donald Becker
