[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] Online Update Security
On Jan 20, Zoran Cvetkovic <Zoran.Cvetkovic@xxxxxxxxx> wrote:
> Suse's online update is using http or ftp to download patches
> and updated packages from numerous mirrors.
> What cryptographical checks are done to the downloaded packages
> to ensure that they are what they pretend to be?
YOU verifies the GPG signature of the patch description files
(in /pub/suse/$arch/update/$osversion/patches), as well as
the GPG signatures on the RPMs themselves.
Olaf Kirch | Stop wasting entropy - start using predictable
okir@xxxxxxx | tempfile names today!
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here