On Thu, 2005-07-28 at 13:58 +0900, Dave Gutteridge wrote:
Bryan, I hope my comments about information gathering were not taken personally.
Why would they be? Any comments I made were directed to people _other_ than yourself. ;->
Yes, that turned out to be the case. Thanks for suggesting this.
No problem.
The RPM database uses Berkeley Sleepycat DB, and it's implementation as the RPM database is not setup to allow more than program to have write access into it.
Okay, now I'm over that obstacle, now I am curious. Why did Fedora seem to be able to install things through yum immediately after install, and CentOS had to do this key installation stuff?
Red Hat distributes a set of Fedora keys with its base install. Same deal with Red Hat Enterprise Linux. If you start tapping repositories that do not have keys in the base install, you'll need to add them too.
I'm not really up-to-snuff on the keys included with CentOS. I deploy RHEL far more than CentOS (my apologies).
I assume you already know this, but: - Any major "packages" system (DPKG, RPM) have a way for packages to be signed - Most major, automated "front-ends" (APT, YUM, UP2DATE) often check for valid signatures on packages using existing keys - Any keys not included in the base install will need to be imported from a trusted source, so they can then be checked on packages to guarantee they come from that trusted source
Ideally, the keys should come with the distro, but once you start adding repositories, they don't always.