Re: [suse-security] Online Update Security

On Jan 20, Zoran Cvetkovic <Zoran.Cvetkovic@xxxxxxxxx> wrote:
> Suse's online update is using http or ftp to download patches
> and updated packages from numerous mirrors.
> What cryptographical checks are done to the downloaded packages
> to ensure that they are what they pretend to be?

YOU verifies the GPG signature of the patch description files
(in /pub/suse/$arch/update/$osversion/patches), as well as
the GPG signatures on the RPMs themselves.

Olaf Kirch     |  Stop wasting entropy - start using predictable
okir@xxxxxxx   |  tempfile names today!
