[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Online Update Security

On Jan 20, Zoran Cvetkovic <Zoran.Cvetkovic@xxxxxxxxx> wrote:
> Suse's online update is using http or ftp to download patches
> and updated packages from numerous mirrors.
> What cryptographical checks are done to the downloaded packages
> to ensure that they are what they pretend to be?
I am not sure about YOU, but fou4s (another implementation of suse online
update) verifies the signatures against the suse build key, which is
installed by default from the SuSE CD.

> Is there any documentation about that ?
Other than the source (both fou4s/you)? I don't think so.


__________________    /"\
Markus Gaugusch       \ /    ASCII Ribbon Campaign
markus(at)gaugusch.at  X     Against HTML Mail
                      / \

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here