Verifying a package is legit [Solved]

If you are new to Linux or new to Sabayon Linux and just not sure where to post, here ya go. Post without fear of being told to RTFM :)

Moderator: Moderators

Post Reply
Jago25_98
Young Hen
Posts: 21
Joined: Sun Nov 20, 2011 22:18

Verifying a package is legit [Solved]

Post by Jago25_98 » Tue Jan 24, 2012 1:11

http://packages.sabayon.org/show/bitcoi ... -show-what

Here we have the Bitcoin page.

First, where are the downloaded packages cached to do a md5sum? Second, what's the sha356 command?
That's the basics.

But next, how do I know someone hasn't simply uploaded a wallet stealing version and changed the md5sum on the page too?

I know the big distros have some sort of security process. I remember reading about it for debian ages ago. But how does entropy handle it?
Last edited by Jago25_98 on Tue Nov 27, 2012 15:36, edited 1 time in total.
Everytime someone helps me I give $5 to Sabayon. Hopefully this will speed up equo bandwidth. If someone has helped you, why not say thanks and donate to speed it up for all :-)

Fitzcarraldo
Sagely Hen
Posts: 8218
Joined: Sat Mar 10, 2007 5:40
Location: United Kingdom
Contact:

Re: Verifying a package is legit

Post by Fitzcarraldo » Tue Nov 27, 2012 14:24

By using public-key based encryption authentication. Encryption is based on the RSA 2048-bit algorithm. See the Entropy source code for details: http://eapi.sabayon.org/entropy.securit ... class.html

Jago25_98
Young Hen
Posts: 21
Joined: Sun Nov 20, 2011 22:18

Re: Verifying a package is legit

Post by Jago25_98 » Tue Nov 27, 2012 15:35

Damnit Fitz, that's another $5!

Thanks :-)
Everytime someone helps me I give $5 to Sabayon. Hopefully this will speed up equo bandwidth. If someone has helped you, why not say thanks and donate to speed it up for all :-)

Post Reply