On Thu, 2005-07-28 at 00:57 -0500, Bryan J. Smith wrote: > I'm not really up-to-snuff on the keys included with CentOS. I deploy > RHEL far more than CentOS (my apologies). > > I assume you already know this, but: > - Any major "packages" system (DPKG, RPM) have a way for packages to be > signed > - Most major, automated "front-ends" (APT, YUM, UP2DATE) often check for > valid signatures on packages using existing keys > - Any keys not included in the base install will need to be imported > from a trusted source, so they can then be checked on packages to > guarantee they come from that trusted source > > Ideally, the keys should come with the distro, but once you start adding > repositories, they don't always. --- they come with it... as root # updatedb # locate GPG-KEY /usr/share/doc/centos-release-4/RPM-GPG-KEY /usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4 /usr/share/doc/rpm-4.3.3/RPM-GPG-KEY /usr/share/doc/rpm-4.3.3/BETA-GPG-KEY /usr/share/rhn/RPM-GPG-KEY /usr/share/rhn/BETA-RPM-GPG-KEY /usr/share/rhn/RPM-GPG-KEY-fedora /usr/share/rhn/RPM-GPG-KEY-fedora-test /usr/share/rhn/RPM-GPG-KEY-centos4 # rpm --import /usr/share/doc/centos-release-4/RPM-GPG-KEY-centos4 Craig