Hello,
Is it possible to get a version of the rpm package that has been gpg signed, or if it is not, posting the checksums of the packages somewhere on the site to verify against?
Thank you.
Hmm, the yum repos are not signed (but the apt ones are?)
If you are using yum repos (http://sensuapp.org/docs/latest/packages\)
you should be able to let Yum do checksumming for you.
http://repos.sensuapp.org/yum/el/6/noarch/repodata/repomd.xml (etc)
Or are you more concerned against comparing the checksum of things on
repos.sensuapp.org to the main sensuapp.org page?
···
On Tue, Aug 26, 2014 at 12:38 PM, Travis Graham <ttmartingraham@gmail.com> wrote:
Hello,
Is it possible to get a version of the rpm package that has been gpg signed,
or if it is not, posting the checksums of the packages somewhere on the site
to verify against?Thank you.
My main concern is comparing the checksums from repos.sensuapp.org to what is listed on the sensuapp.org page. My predicament is I cannot install software in my environment without being able to verify its integrity. Since the apt packages seemed to be signed I was hoping it would be a trivial matter to also start signing the rpm ones. However if the checksum for each package was posted on the site then I would be able to satisfy the requirements that way as well.
···
On Wednesday, August 27, 2014 5:07:51 AM UTC+1, Kyle Anderson wrote:
Hmm, the yum repos are not signed (but the apt ones are?)
If you are using yum repos (http://sensuapp.org/docs/latest/packages)
you should be able to let Yum do checksumming for you.
http://repos.sensuapp.org/yum/el/6/noarch/repodata/repomd.xml (etc)
Or are you more concerned against comparing the checksum of things on
repos.sensuapp.org to the main sensuapp.org page?
On Tue, Aug 26, 2014 at 12:38 PM, Travis Graham > > ttmarti...@gmail.com wrote:
Hello,
Is it possible to get a version of the rpm package that has been gpg signed,
or if it is not, posting the checksums of the packages somewhere on the site
to verify against?
Thank you.