
Verifying a package is legit [Solved]

Posted: Tue Jan 24, 2012 1:11
by Jago25_98
http://packages.sabayon.org/show/bitcoi ... -show-what

Here we have the Bitcoin page.

First, where are the downloaded packages cached to do an md5sum? Second, what's the sha256 command?
That's the basics.

But next, how do I know someone hasn't simply uploaded a wallet-stealing version and changed the md5sum on the page too?

I know the big distros have some sort of security process. I remember reading about it for Debian ages ago. But how does Entropy handle it?

Re: Verifying a package is legit

Posted: Tue Nov 27, 2012 14:24
by Fitzcarraldo
By using public-key based encryption authentication. Encryption is based on the RSA 2048-bit algorithm. See the Entropy source code for details: http://eapi.sabayon.org/entropy.securit ... class.html
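
The difference this thread turns on, a checksum published next to the package versus a signature made with a private key, shown as an added example (not part of the posts above and not Entropy's own code). It assumes `openssl` and `md5sum` are installed and uses openssl's RSA signing as a stand-in for the repository's tooling; all file names and contents are constructed.

```shell
#!/bin/sh
# Constructed demo: file names and contents are made up for illustration.
# Assumption: openssl stands in for the repository's real signing tool.

setup() {
    work=$(mktemp -d) || return 1
    # Maintainer side: 2048-bit RSA key pair. Only repo.pub is distributed.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$work/repo.key" 2>/dev/null || return 1
    openssl pkey -in "$work/repo.key" -pubout -out "$work/repo.pub" || return 1
    printf 'genuine package contents\n' > "$work/pkg.tbz2"
    # Detached signature over the package, made with the private key.
    openssl dgst -sha256 -sign "$work/repo.key" \
        -out "$work/pkg.sig" "$work/pkg.tbz2" || return 1
    # Checksum as it would be shown on the package web page.
    md5sum "$work/pkg.tbz2" | cut -d' ' -f1 > "$work/page.md5"
}

# Someone who can write to the mirror and the page but lacks repo.key:
# the package and the displayed checksum change, the signature cannot.
tamper() {
    printf 'tampered package contents\n' > "$work/pkg.tbz2"
    md5sum "$work/pkg.tbz2" | cut -d' ' -f1 > "$work/page.md5"
}

# Client check 1: compare the file against the checksum on the page.
checksum_ok() {
    [ "$(md5sum "$work/pkg.tbz2" | cut -d' ' -f1)" = "$(cat "$work/page.md5")" ]
}

# Client check 2: verify the signature with the already-trusted public key.
signature_ok() {
    openssl dgst -sha256 -verify "$work/repo.pub" \
        -signature "$work/pkg.sig" "$work/pkg.tbz2" >/dev/null 2>&1
}

report() {
    if checksum_ok; then c=match; else c=MISMATCH; fi
    if signature_ok; then s=valid; else s=INVALID; fi
    echo "$1: checksum $c, signature $s"
}

setup && report "as published" && tamper && report "after tampering"
rm -rf "$work"
```

The second report line shows the checksum still matching while the signature fails, which is why the public key has to reach the client through a channel the uploader of the package does not control.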

Re: Verifying a package is legit

Posted: Tue Nov 27, 2012 15:35
by Jago25_98
Damnit Fitz, that's another $5!

Thanks :-)