On Sun, 2004-10-24 at 22:15 -0500, Ian Pilcher wrote:
AMAZING POWERS OF OBSERVATION wrote:
Official messages from the Red Hat security team are never sent unsolicited, are always sent from the address secalert@redhat.com, and are digitally signed by GPG. All official updates for Red Hat products are digitally signed and should not be installed unless they are correctly signed and the signature is verified..."
Too bad rawhide updates often *are* unsigned.
Which is chiefly why you're supposed to keep it off critical systems.. that and the not-so-rare its-completely-borked-again occurrences. It would certainly be nice to have them all come signed however.