[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Online Update Security
On Jan 20, Zoran Cvetkovic <Zoran.Cvetkovic@xxxxxxxxx> wrote:
> Suse's online update is using http or ftp to download patches
> and updated packages from numerous mirrors.
> What cryptographical checks are done to the downloaded packages
> to ensure that they are what they pretend to be?
I am not sure about YOU, but fou4s (another implementation of suse online
update) verifies the signatures against the suse build key, which is
installed by default from the SuSE CD.
> Is there any documentation about that ?
Other than the source (both fou4s/you)? I don't think so.
Markus Gaugusch \ / ASCII Ribbon Campaign
markus(at)gaugusch.at X Against HTML Mail
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here