[Yum] FW: Cron <root at fondue> run-parts /etc/cron.daily

seth vidal skvidal at phy.duke.edu
Sun Nov 9 22:18:12 UTC 2003


> Does the message "MD5 Signature check failed" mean just that the package
> checksum is not correct, or that the package is not correctly digitally
> signed?

it means that the python equiv of rpm -K failed on the md5 checksum.

> If the latter, then I think that using the suggested command is a really
> bad idea, as this will *bypass* this signature checking; if the package
> has been trojaned, the above will happily install the trojan. 
Why would it install the package?

rpm -V should check it and -p means check it in a file.
I admit rpm -K is easier, but I'm not sure why the other is dangerous.

> Just because I'm paranoid doesn't mean they're not out to get me....

oh they're out to get you, I asked. They said 'yep, out to get him' :)

-sv





More information about the Yum mailing list