On Tue 20 November 2001 15:15, you (Wojtek Pilorz) wrote: > On Mon, 19 Nov 2001, David Talkington wrote: > > This command: > > > > $ rpm --checksig --nogpg <packagename> > > > > meets with my skepticism. It checks the md5 sum of an rpm package. > > - From where does rpm get the sum to which it compares the computed > > value? If it comes from within the file itself, absent any > > out-of-band confirmation of the actual md5 sum associated with that > > package, how is this in any way meaningful? > > It lets you detect if file has been changed or corrupted by accident or > error rather than by someone's malicious action.
No. 1) Modified file also has its md5 sum. 2) The md5 of the modified file will be different than the md5 of an unmodified one. How the rpm finds what is the unmodified md5? --Mariusz -- Tego nie znajdziesz w żadnym sklepie! [ http://oferty.onet.pl ] _______________________________________________ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
