David,

--checksig checks the PGP signature. The RPM itself is signed and thus contains the signature. I presume you mean --nopgp? This "ignores PGP errors when verifying". It's not an md5 checksum; it doesn't check the correctness of the file, only the origin.

Steve

-----Original Message-----
From: David Talkington [mailto:[EMAIL PROTECTED]]
Sent: 20 November 2001 03:40
To: [EMAIL PROTECTED]
Subject: another md5sum question

This command:

    $ rpm --checksig --nogpg <packagename>

meets with my skepticism. It checks the md5 sum of an rpm package. From where does rpm get the sum to which it compares the computed value? If it comes from within the file itself, absent any out-of-band confirmation of the actual md5 sum associated with that package, how is this in any way meaningful?

-d

--
David Talkington
http://www.spotnet.org
PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp

_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
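
Added example, not part of the original thread and not rpm's own code: a toy container (constructed layout, not the real RPM format) showing the distinction the two messages turn on. A digest stored in the file catches accidental corruption only, while a keyed check stored in the same file still ties the payload to its origin because the key is obtained separately. HMAC-SHA256 stands in for the PGP signature here; all function names, the key and the payloads are assumptions made for illustration.

```python
import hashlib
import hmac

MD5_HEX = 32   # length of the embedded MD5 hex digest
TAG_HEX = 64   # length of the embedded HMAC-SHA256 hex tag (signature stand-in)

def build_package(payload: bytes, signing_key: bytes) -> bytes:
    """Toy layout (constructed): md5 hex | keyed tag hex | payload."""
    md5 = hashlib.md5(payload).hexdigest().encode()
    tag = hmac.new(signing_key, payload, hashlib.sha256).hexdigest().encode()
    return md5 + tag + payload

def split(pkg: bytes):
    return pkg[:MD5_HEX], pkg[MD5_HEX:MD5_HEX + TAG_HEX], pkg[MD5_HEX + TAG_HEX:]

def embedded_md5_ok(pkg: bytes) -> bool:
    """Digest and data both come from the file, so this needs no outside input."""
    md5, _, payload = split(pkg)
    return hmac.compare_digest(md5, hashlib.md5(payload).hexdigest().encode())

def keyed_tag_ok(pkg: bytes, trusted_key: bytes) -> bool:
    """The tag is in the file, but the key to check it was obtained separately."""
    _, tag, payload = split(pkg)
    expected = hmac.new(trusted_key, payload, hashlib.sha256).hexdigest().encode()
    return hmac.compare_digest(tag, expected)

def corrupt_in_transit(pkg: bytes) -> bytes:
    """Accidental damage: one payload bit flipped, header untouched."""
    return pkg[:-1] + bytes([pkg[-1] ^ 0x01])

def repackage(pkg: bytes, new_payload: bytes) -> bytes:
    """Modification by a party without the key: the digest can be recomputed,
    the tag cannot, so the old tag is carried over."""
    _, old_tag, _ = split(pkg)
    return hashlib.md5(new_payload).hexdigest().encode() + old_tag + new_payload

def demo() -> dict:
    key = b"constructed-vendor-key"  # stands in for the vendor's signing key
    original = build_package(b"constructed payload v1", key)
    cases = {
        "original": original,
        "corrupted": corrupt_in_transit(original),
        "repackaged": repackage(original, b"constructed payload v2"),
    }
    return {n: (embedded_md5_ok(p), keyed_tag_ok(p, key)) for n, p in cases.items()}

if __name__ == "__main__":
    for name, (md5_ok, tag_ok) in demo().items():
        print(f"{name:11} embedded-md5={md5_ok!s:5} keyed-tag={tag_ok}")
```

The embedded digest fails only in the corrupted case; the repackaged file passes it and is rejected by the keyed check alone.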