-----Original Message-----
From: suse@rio.vg [mailto:suse@rio.vg]
Sent: 21 July 2004 14:09
To: suse-security@suse.com
Subject: Re: [suse-security] Secure updating/installing of packages

Quoting Christian <neodaxus@gmx.net>:
All SuSE packages are cryptographically signed with the SuSE build key (build@suse.de). It is automatically installed from the CDs.
But does YOU and Yast check the signature of every package before installing it? Who knows this for sure?
I haven't looked at the code, but the program is supposed to

If you uninstall GPG and then install/patch other products then you get a popup from Yast for each one telling you that it cannot verify the signature and asking if you want to proceed.
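
An added example, not part of the original thread: a shell gate that runs `rpm --checksig` on each package before installation and refuses any package whose output does not show a verified signature. The function names and the sample output lines are constructed for illustration; the point it shows is that rpm also reports `OK` for a package that carries only digests and no signature, so `OK` alone does not mean the package was authenticated.

```shell
#!/bin/sh
# Added example. classify_checksig and check_packages are hypothetical
# helper names, not part of rpm, YaST or YOU.

# Classify one line of `rpm --checksig` output as verified, unsigned or failed.
classify_checksig() {
    result=${1#*: }                 # drop the "package.rpm: " prefix
    case $result in
        *"NOT OK"*) echo failed; return ;;   # bad digest/signature or missing key
    esac
    case $result in
        *OK) ;;
        *) echo failed; return ;;            # unrecognised output: fail closed
    esac
    case $result in
        *gpg*|*pgp*|*dsa*|*rsa*|*signatures*) echo verified ;;
        *) echo unsigned ;;                  # digests only: intact, not authenticated
    esac
}

# Stop at the first package that is not signed by a key in the rpm keyring.
check_packages() {
    for pkg in "$@"; do
        line=$(rpm --checksig "$pkg" 2>&1) || true
        status=$(classify_checksig "$line")
        if [ "$status" != verified ]; then
            echo "refusing $pkg: $status ($line)" >&2
            return 1
        fi
    done
    return 0
}

if [ "$#" -gt 0 ]; then
    check_packages "$@" || exit 1
else
    # No arguments: classify constructed sample lines (not from a real system).
    while IFS= read -r sample; do
        printf '%-10s %s\n' "$(classify_checksig "$sample")" "$sample"
    done <<'EOF'
a.rpm: md5 gpg OK
b.rpm: sha1 md5 OK
c.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
EOF
fi
```

Run it with the package files as arguments before installing them; a `failed` result with `MISSING KEYS` means the signing key is not in the rpm keyring, which is the case the YaST popup described above reports.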