significance of rpms w/ bad signatures?
i often download rpm's from sourceforget that have bad signatures. what does that mean and does anyone know why they're bad?
|
Whoever made the rpm did not add the sig. If they have a public key you can import it with:
rpm --import PUBLICKEY The sig is how you ensure the package has not been fiddled with since it was placed on the ftp server. I think if you get a package from sourceforge you can feel safe installing it. |
All times are GMT -5. The time now is 07:21 AM. |