Author Topic: Signatures?  (Read 493 times)

Offline Kaboosh

  • Jr. Member
  • Posts: 29
Signatures?
« on: December 15, 2010, 11:00:33 PM »
This is just a curiosity that came up, but are our PCLinuxOS repositories signed? I don't see any <KEY> entries in /etc/apt/sources.list, so what are we doing to ensure integrity? Do we sign individual RPMs?
« Last Edit: December 15, 2010, 11:06:05 PM by Kaboosh »

Offline Texstar

  • Administrator
  • Super Villain
  • Posts: 12501
Re: Signatures?
« Reply #1 on: December 15, 2010, 11:20:03 PM »
1. All new packages are processed through a central server from trusted sources and verified before they are uploaded to the repos.

2. The repos are secured via md5sums through the package lists. If you try to replace an rpm in the repo, the md5sum would not match the package list and error out. While someone might be able to also replace a package list on a server, it would get corrected in less than 12 hours due to the repos being dynamic instead of static.

« Last Edit: December 15, 2010, 11:22:40 PM by Texstar »

Thanks to everyone who donates. You keep the servers running.
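
The two checks touched on in the reply above, as an added example that is not part of the original post and is not PCLinuxOS tooling: a per-package md5 check against the mirror's own list, and a comparison of that list against a reference copy. The "md5  filename" list format, the function names and the sample data are all constructed for illustration; the real package list format is not shown on this page.

```python
import hashlib

def md5_hex(data: bytes) -> str:
    return hashlib.md5(data).hexdigest()

def parse_list(text: str) -> dict:
    """Parse constructed 'md5  filename' lines into {filename: md5}."""
    entries = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            digest, name = line.split(None, 1)
            entries[name.strip()] = digest.lower()
    return entries

def client_check(mirror_list: str, files: dict) -> list:
    """Packages that are missing or do not match the mirror's own list."""
    bad = []
    for name, digest in parse_list(mirror_list).items():
        data = files.get(name)
        if data is None or md5_hex(data) != digest:
            bad.append(name)
    return sorted(bad)

def list_drift(reference_list: str, mirror_list: str) -> list:
    """Entries where the mirror's list disagrees with a reference copy
    (assumed here to come from a trusted source such as the central server)."""
    ref, mir = parse_list(reference_list), parse_list(mirror_list)
    return sorted(n for n in ref.keys() | mir.keys() if ref.get(n) != mir.get(n))

def make_list(files: dict) -> str:
    return "".join(f"{md5_hex(d)}  {n}\n" for n, d in files.items())

# Constructed sample data: byte strings standing in for RPM files.
GOOD = {"foo-1.0-1.rpm": b"original foo", "bar-2.1-3.rpm": b"original bar"}
REFERENCE_LIST = make_list(GOOD)

# Case 1: only the package on the mirror differs from what was published.
CASE1_FILES = dict(GOOD, **{"foo-1.0-1.rpm": b"replaced foo"})
# Case 2: the package and the mirror's package list were both replaced.
CASE2_LIST = make_list(CASE1_FILES)

if __name__ == "__main__":
    print("case 1, client check:", client_check(REFERENCE_LIST, CASE1_FILES))
    print("case 2, client check:", client_check(CASE2_LIST, CASE1_FILES))
    print("case 2, list drift:  ", list_drift(REFERENCE_LIST, CASE2_LIST))
```

In case 2 the per-package check passes and only the comparison against the reference copy flags the change, which is the job a signature over the package list would do on the client side.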

Offline melodie

  • Hero Member
  • Posts: 5942
  • XMMP=Jabber, free instant messaging protocol !
    • PCLinuxOS Fr
Re: Signatures?
« Reply #2 on: December 16, 2010, 02:42:54 PM »
Hi,

There is a section in Synaptic to configure the signature? Is it of no use?

I mean:



Thanks.

melodie at swissjabber dot ch - IRC #pclinuxos-fr on freenode