On Wed, Feb 05, 2003 at 06:40:30PM -0500, GarUlbricht7@netscape.net wrote: [ basically: do I need rpm --checksig -v *.rpm or not ]
My question remains:
Does "kpackage" do a "checksig" (i.e. against the suse key ring, MD5)
TIA
~Gar
I did a brief grep on the source (I do not use this package), which is comming with the suse CDs, and it showed calls to rpmlib verifying the headers, but nothing about signatures. only reference about MD5 sums is when verifying files of installed packages against rpm db. you may want to have a look yourself. to prove: just move all suspective keyrings somewhere else, and see what happens. or do strace the program, and grep there for acess of the keyrings. you won't find any, I guess. this was suse 8.1, kdeadmin3-3.0.3 yes, I know there is a 3.0.4 out with The official KDE 3.0.4 update for SuSE 8.1. M: 2002-10-24 10:01:52 KDE 3.0.4 update [security]) so yes, you have to check the authenticity yourself. or you may use fou4s, next release will be soon :) Lars