-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

This command:

$ rpm --checksig --nogpg <packagename> 

meets with my skepticism.  It checks the md5 sum of an rpm package.  
From where does rpm get the sum to which it compares the computed
value?  If it comes from within the file itself, absent any
out-of-band confirmation of the actual md5 sum associated with that
package, how is this in any way meaningful?

-d

-- 
David Talkington
http://www.spotnet.org

PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp

-----BEGIN PGP SIGNATURE-----
Version: PGP 6.5.8
Comment: Made with pgp4pine 1.75-6

iQA/AwUBO/nQm79BpdPKTBGtEQKmCwCg9t3ysISNRwzVSTWNMbA9oN4sHTUAnRKv
jRA0zBCniuHjDQ9mmi3b+IPd
=FVag
-----END PGP SIGNATURE-----
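
The distinction the question turns on, as an added example that is not part of the original message and is not rpm's code: a toy container (a constructed format, not the rpm layout) that carries its own MD5 digest, checked once against that embedded value and once against a digest obtained separately. The function names and sample payloads are assumptions made for the illustration.

```python
import hashlib
import hmac

# Toy container, constructed for illustration (NOT the real rpm layout):
# a 16-byte MD5 digest of the payload, followed by the payload itself.

def build_package(payload: bytes) -> bytes:
    return hashlib.md5(payload).digest() + payload

def check_embedded(package: bytes) -> bool:
    """Self-check: compare the payload with the digest stored in the same file."""
    stored, payload = package[:16], package[16:]
    return hmac.compare_digest(stored, hashlib.md5(payload).digest())

def check_out_of_band(package: bytes, trusted_sha256_hex: str) -> bool:
    """Compare the whole file with a digest obtained over a separate channel."""
    actual = hashlib.sha256(package).hexdigest()
    return hmac.compare_digest(actual, trusted_sha256_hex)

def demo() -> dict:
    original = build_package(b"#!/bin/sh\necho installed\n")
    # Stands in for a digest the recipient got from a source other than the file.
    trusted = hashlib.sha256(original).hexdigest()

    # Accidental damage: one payload bit flipped, stored digest untouched.
    damaged = bytearray(original)
    damaged[-2] ^= 0x01
    damaged = bytes(damaged)

    # Replacement: a different payload shipped with a digest computed to match it.
    replaced = build_package(b"#!/bin/sh\necho something else\n")

    # Each value is (embedded check passes, out-of-band check passes).
    return {
        "original": (check_embedded(original), check_out_of_band(original, trusted)),
        "damaged": (check_embedded(damaged), check_out_of_band(damaged, trusted)),
        "replaced": (check_embedded(replaced), check_out_of_band(replaced, trusted)),
    }

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} embedded={result[0]!s:5s} out_of_band={result[1]}")
```

The embedded check separates the intact file from the damaged one, so it is an integrity check against corruption; only the separately obtained digest distinguishes the replaced file from the original.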




_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
