Fedora updates - package does not have a valid GPG
Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Fedora updates - package does not have a valid GPG
I have Fedora Core 1 installed.
When I try to download Fedora's updates from Redhat, some of the updates return the following message; "The package 'does not have a valid GPG signature. It has been tampered with or corrupted.' Continue No, Yes."
Is there a security risk if I continue?
Will the packages corrupt my system if I try to install them?
Is anyone maintaining redhat's downloads to protect against scriptkiddies tampering with files? These Fedora update files have been on there web site for quite some time now and no one has done anything to change them.
Can anyone answer these questions or does anyone have any comments or suggestions!
Last edited by nygiants#1; 04-27-2004 at 08:52 PM.
I installed all the good files from Redhat because I downloaded them individually. It was the only way I could do it to prevent me from installing the files the produced the above error message. Therefore I do not want to install anymore files in the directory /var/spool/up2date until I know it is safe to do so.
Since I have installed the the good files, is it now safe to delete everything in that directory and if so what is the command I would use?
If you put the package name into goole it will bring up sites that contain that package. I try to use mirror sites that are in universities, as they are usually pretty careful about security. Always use the md5 checksum from Redhat to deterine if the package has been tampered with or contains errors.
the rpm install always checks by default so if you are successful by running rpm -iv *rpm in the up2date folder that is ok. If you get errors remove the bad file.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
Fedora updates - package does not have a valid GPG
