On Mon, 19 Nov 2001, David Talkington wrote: > This command: > > $ rpm --checksig --nogpg <packagename> > > meets with my skepticism. It checks the md5 sum of an rpm package. > - From where does rpm get the sum to which it compares the computed > value? If it comes from within the file itself, absent any > out-of-band confirmation of the actual md5 sum associated with that > package, how is this in any way meaningful? It lets you detect if file has been changed or corrupted by accident or error rather than by someone's malicious action.
> > - -d > > - -- > David Talkington > http://www.spotnet.org _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
