The way this would work is as follows: There is some fine, reliable company staffed by honest people, e.g., SuSE. SuSE would distribute a CA certificate with their CD. That way we are pretty darn sure we don't accept some impersonator's CA certificate. This CA certificate would already be installed into YaST. When rpms are installed, YaST would check to see if they are properly signed and unaltered. Binary RPMs could even be bound to their related source by hashing the source and including the hash in the binary rpm before signing it.
Sounds good, is good. It's actually built into rpm. I can personally acknowledge that Red Hat has made use of this feature since RH 4.0. What I do not understand is why SuSE completely ignores this. I pointed that out / suggested that 6 days ago on the suse-security list, but there was no followup/reply from anyone at all.

Instead, SuSE publishes MD5 checksums for their updated rpms. Those checksums are also on the CD of the distribution. Needless to say, due to human error the checksums published do not always match the ones of the actual rpm. As you don't really know which is which, the whole thing kind of turns into a farce. If SuSE signed the rpms before releasing them, the human error would be avoided (unless someone used a wrong signature - something Red Hat has not managed in versions 4.0, 4.1, 4.2, 5.0, 5.1, 5.2, 6.0).

Volker

--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/Support/Doku/FAQ/
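The distinction both messages turn on, a package whose digest matches versus a package whose vendor signature verifies, is visible in the output of `rpm --checksig`. The script below is an added example (not from the thread or from SuSE/Red Hat) that classifies such output lines and fails closed on anything that is not a verified signature; the sample lines are constructed in the style of rpm's output, and the key id in them is a placeholder.

```shell
#!/bin/sh
# Added example: decide whether a package may be installed from the output of
# `rpm --checksig` (alias `rpm -K`). The pitfall from the thread: a line that
# says "md5 OK" only proves the file matches its own embedded digest; it says
# nothing about who built it. Only a verified signature line counts.
# The sample lines below are constructed, not captured from a real system.

# Print one of: trusted | unsigned | rejected | unknown for a single line.
classify_checksig() {
    lc=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$lc" in
        *"not ok"*)            echo rejected ;;  # bad digest, bad sig, or missing key
        *pgp*" ok"|*gpg*" ok"|*signature*" ok")
                               echo trusted ;;   # signature verified with an imported key
        *" ok")                echo unsigned ;;  # digests only: integrity, not authenticity
        *)                     echo unknown ;;
    esac
}

# Read checksig output on stdin; exit 0 only when every line is "trusted".
# Usage: rpm --checksig pkg1.rpm pkg2.rpm | accept_all
accept_all() {
    status=0
    while IFS= read -r line; do
        verdict=$(classify_checksig "$line")
        printf '%-9s %s\n' "$verdict" "$line"
        [ "$verdict" = trusted ] || status=1
    done
    return $status
}

# Constructed sample output (key id is a placeholder).
SAMPLE='foo-1.0-1.i386.rpm: rsa sha1 (md5) pgp md5 OK
bar-2.3-4.i386.rpm: sha1 md5 OK
baz-0.9-1.i386.rpm: RSA sha1 ((MD5) PGP) md5 NOT OK (MISSING KEYS: PGP#deadbeef)
qux-1.1-1.noarch.rpm: digests signatures OK
old-4.2-1.i386.rpm: MD5 NOT OK'

# The vendor key must be imported once before any signature can verify,
# e.g. from the distribution CD:  rpm --import /media/cdrom/RPM-GPG-KEY
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE" | accept_all
fi
```

Run with `--demo` to see each sample line classified; the mixed sample exits non-zero because only two of the five lines carry a verified signature.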