Hello, theoretically it is possible that modified packages for Linux distributions are made available in order to create backdoors (e.g. through a hacked server or mirror, wrong IP routing / DNS resolving, or simply someone making available manipulated packages at a site under his control). I wonder how SuSE and other distros protect themselves against this threat. A MD5 only offers protection if before updating/installation it is checked against a list of packages and MD5's. However, when updating this list, it has to be made sure that the update comes from a trusted source and that it has not been tampered with. I have been told that for some Debian packages there is not even a MD5. At Gentoo I'm unsure if the list update is secure. Who knows about SuSE (YOU + Yast)? Thanks, Christian