How YOU (Yast Online Update) verifies package integrity before installation?
Hi all!
I have google'd around a few minutes but i have not found something that answer to the question: How YOU could 'know' that the packages download-ed from an update server/mirror are the 'real' ones? Let's say we have an update available for package Xyz on some server. So, before doing an update, it could retrieve from a suse server ( i.e. a server _administrated_ by SUSE ) a simple LIST in the form ( XYZ <--> md5) and, after comparing the md5 ( performed by the YOU ) with the one from the LIST, we could relatively know it's 'ok'.. Does someone has an idea of how it works? Thanks. |
I don't know the exact procedure, but from reading /var/log/YaST2/y2log I learned that YOU is checking signatures of each patch:
Code:
[liby2util++] GPGCheck.cc(GPGCheck):30 Directory '/var/lib/YaST2/gnupg' exists. |
Quote:
I think i will sleep much better at night.. ;) :D |
All times are GMT -5. The time now is 04:15 AM. |