First, I am ex-Debian user. I just wondering why Slackware security packages ( patches ) is distributed to mirror too? I mean it is nice that we download security packages only from main site not from mirror just like in Debian.

Ok, second question. I am just little confuse to verify patches. I have no problem with md5sum. I got problem with asc files. I know it is related with gpg. I have gpg installed. So how do I verify this asc files? My guess would be by using Slackware public key. I found this key from http://www.slackware.com/gpg-key

How do I import this key? After importing how do I verify this asc files?

Please forgive this newbie question. I just learn about gpg today and put attention to security just a month before.

Hi there

Your first comment I disagree with . Redundancy (as far as packages are concerned) is good. If you can't trust a mirrored package with a key that checks out then how can you trust the same package from an official site? Besides, since when is having one security patch repository any guarantee of security? (http://www.linuxsecurity.com/article...icle-8393.html)

Regarding your question on gpg, the following article covers importing, exporting and listing of gpg keys and other useful information:
http://www.linuxjournal.com/article.php?sid=7354

On the first point. You will have to remember that Slackware is Pat Volkerding. It is not a huge community like Debian. You say the patches are just from Debian, but look how many servers they have to choose from. Slackware.com could not handle the bandwidth that would be needed to distribute all the patches to all the users.