[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [suse-security] Secure updating/installing of packages
From: suse@xxxxxx [mailto:suse@xxxxxx]
Sent: 21 July 2004 14:09
Subject: Re: [suse-security] Secure updating/installing of packages
Quoting Christian <neodaxus@xxxxxxx>:
> > All SuSE packages are cryptographically signed with the SuSE build key
> > (build@xxxxxxx). It is automatically installed from the CDs.
> But does YOU and Yast check the signature of every package before
> installing it? Who knows this for sure?
I haven't looked at the code, but the program is supposed to
If you uninstall GPG and then install/patch other products then you get a popup from Yast for each one telling you that it cannot verify the signature and asking if you want to proceed.
This e-mail and the documents attached are confidential and intended
solely for the addressee; it may also be privileged. If you receive this
e-mail in error, please notify the sender immediately and destroy it.
As its integrity cannot be secured on the Internet, the Atos Origin group
liability cannot be triggered for the message content. Although the
sender endeavours to maintain a computer virus-free network, the sender
does not warrant that this transmission is virus-free and will not be
liable for any damages resulting from any virus transmitted.
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here