[CentOS] Security: should I be concerned?

Wed Oct 12 16:18:59 UTC 2005
Nels Lindquist <nlindq at maei.ca>

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 12 Oct 2005 at 9:20, William L. Maltby wrote:

<snip>

> My second concern is with security update announcements. For all the
> announcers but one (IIRC) I get "Invalid signature" displayed (using
> Evolution). I would ask "Should I be concerned?", but the answer is
> self-evident in security circles. So instead, I'll ask if this is
> acceptable in the official CentOS and I can continue to rely on their
> stuff in their opinion.

Do you have any more detail as to why the invalid signatures?  Does 
it give you a different message if you haven't imported someone's 
public key?  You might want to check out your GPG integration setup 
with Evolution.  I'm using Thunderbird/Enigmail to read list mail, 
and all of the CentOS announcement messages have verifiable 
signatures.  I assume you have no trouble with PGP/MIME since that 
appears to be what you're using...

- ----
Nels Lindquist <*>
Information Systems Manager
Morningstar Air Express Inc.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (MingW32)

iD8DBQFDTTdxbxRqvNchgLQRAjdNAJ9wlUbuQKj6luAHShr25aOvjfA9TwCfU5sX
UjD4Xtqla00YOj7Z/oS2dw8=
=vlwz
-----END PGP SIGNATURE-----