Be surprised: I run "gpg --verify foo.tgz.sign foo.tgz" every time I download
from kernel.org. And, "rpm --checksig *.rpm" on stuff from redhat.com too.
Given the recent trojaned source packages, I recommend that everyone do the
same.
= = = =
The preceding public service message has been sponsored by Anal Retentive
Sysadmins .Org (Motto: Constipation: It's not just a gob, it's a career!)
> > Alan
-- James Cleverdon IBM xSeries Linux Solutions {jamesclv(Unix, preferred), cleverdj(Notes)} at us dot ibm dot com- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/