On 2 Apr 2003, Ezra Nugroho wrote:

> dude, that's from RHN!
> 
> On Tue, 2003-04-01 at 17:38, Bill Carlson wrote:
> > On 1 Apr 2003, Ezra Nugroho wrote:
> > 
> > > 
> > > Binary Disc 1  638M  400c7fb292c73b793fb722532abd09ad    
> > > Binary Disc 2  646M  6b8ba42f56b397d536826c78c9679c0a    
> > > Binary Disc 3  485M  af38ac4316ba20df2dec5f990913396d    
> > > Source Disc 1  608M  0727c51ab359dafa9ab31e0c50958aa6    
> > > Source Disc 2  645M  2ddd8e6a8502869cd2e78d47590b9be1    
> > > Source Disc 3  424M  f378cf68b22c3b9a64c86b5067511630
> > 
> > Ok, but how do we KNOW those are really the OFFICIAL ones?
> > 
> > :)
> > 
> > I can just see this whole BitTorrent thing being a massive trojan 
> > attack....it IS April 1st after all.

:)  <- note, smiley, turn on humor filter.

But how do I KNOW that? They're not GPG-signed; all I have is your word on 
a mailing list. Do you see the point? BitTorrent is all good, but you 
should be careful in verifying what is downloaded, preferably against a 
source other than the .torrent provider.

I'm certainly not implying you are supplying fake MD5SUMs, Ezra. However, 
from a security perspective one should realize that you COULD be supplying 
fakes and one currently has no way to verify they are not fake.

In this case, a GPG-signed list of MD5SUMs from Red Hat would be the thing, 
which those of us without RHN will probably get next week.


Bill Carlson
-- 
Systems Administrator    [EMAIL PROTECTED]      | Anything is possible,
Virtual Hospital      http://www.vh.org/      | given time and money.
University of Iowa Hospitals and Clinics      |       
Opinions are mine, not my employer's.         | 



-- 
redhat-list mailing list
unsubscribe mailto:[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
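
The verification the message above asks for, as an added example that is not part of the original post or any Red Hat tooling: checksums are read only from the payload of a signature that verifies against a pinned key, then the images are compared against that payload. The file name `MD5SUM.asc`, the standard `md5sum` line format, and the function names are assumptions; the fingerprint must be obtained through a channel other than the download source.

```shell
#!/bin/sh
# Added example. Assumed layout: MD5SUM.asc is a clearsigned checksum list in
# "hash  filename" format, and the vendor key is already in the local keyring.

# $1 = clearsigned list, $2 = expected key fingerprint (uppercase hex, no
# spaces), $3 = where to write the signed payload.
# Succeeds only if gpg reports a valid signature made by the pinned key.
extract_signed_manifest() {
    [ -n "$2" ] || return 1          # refuse to run without a pinned key
    status=$(gpg --batch --yes --status-fd 1 --output "$3" --decrypt "$1" 2>/dev/null)
    if [ $? -eq 0 ] && printf '%s\n' "$status" |
        grep -Eq "^\[GNUPG:\] VALIDSIG (.* )?$2( |\$)"; then
        return 0
    fi
    rm -f "$3"                       # never leave an unverified list behind
    return 1
}

# $1 = absolute path to the verified payload, $2 = directory with the images.
# Non-zero if any listed file is missing or its hash differs.
check_images() {
    ( cd "$2" && md5sum -c "$1" )
}

# $1 = clearsigned list, $2 = pinned fingerprint, $3 = image directory.
# The hashes used for comparison come from the signed payload, never from
# the raw file, so lines added outside the signature are ignored.
verify_download() {
    vd_tmp=$(mktemp) || return 1
    extract_signed_manifest "$1" "$2" "$vd_tmp" && check_images "$vd_tmp" "$3"
    vd_rc=$?
    rm -f "$vd_tmp"
    return $vd_rc
}

# Typical call (placeholder fingerprint, to be replaced with the real one):
#   verify_download MD5SUM.asc "<VENDOR-KEY-FINGERPRINT>" /path/to/isos
```

A checksum match alone only shows the file agrees with the list; the signature check is what ties the list to the vendor.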
