RE: [suse-security] Secure updating/installing of packages

["Hemsley, Trevor" <Trevor.Hemsley@xxxxxxxxxxxxxx>]

-----Original Message-----
From: suse@xxxxxx [mailto:suse@xxxxxx]
Sent: 21 July 2004 14:09
To: suse-security@xxxxxxxx
Subject: Re: [suse-security] Secure updating/installing of packages


Quoting Christian <neodaxus@xxxxxxx>:
>
> > All SuSE packages are cryptographically signed with the SuSE build key
> > (build@xxxxxxx). It is automatically installed from the CDs.
>
> But does YOU and Yast check the signature of every package before
> installing it? Who knows this for sure?
>

I haven't looked at the code, but the program is supposed to

If you uninstall GPG and then install/patch other products then you get a popup from Yast for each one telling you that it cannot verify the signature and asking if you want to proceed.


__________________________________________________________________________
This e-mail and the documents attached are confidential and intended 
solely for the addressee; it may also be privileged. If you receive this 
e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos Origin group 
liability cannot be triggered for the message content. Although the 
sender endeavours to maintain a computer virus-free network, the sender 
does not warrant that this transmission is virus-free and will not be 
liable for any damages resulting from any virus transmitted.
__________________________________________________________________________

--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here