[oclug] openssl095a conflicts
Curtis Ireland
cireland at solidum.com
Wed Aug 15 11:09:34 EDT 2001
At 11:04 AM 2001/08/14 -0400, Strosberg, Bill wrote:
> > From: Sean Loch [mailto:scloch_ca at yahoo.com]
> > Sent: Tuesday, August 14, 2001 10:51 AM
> > To: OCLUG
> > Subject: [oclug] openssl095a conflicts
> >
> >
> > Anyone try installing the openssl095a rpm and run into
> > conflict problems like the following:
> >
> > file /usr/lib/libcrypto.so.0.9.5a from install of
> > openssl095a-0.9.5a-1
> > conflicts with file from package openssl-0.9.5a-14
> > file /usr/lib/libssl.so.0.9.5a from install of
> > openssl095a-0.9.5a-1
> > conflicts with file from package openssl-0.9.5a-14
>
>Sean:
>
>FWIW, something as critical as openssl SHOULD be installed from verified
>source and compiled on your system. RPM's should NEVER be trusted for
>something as important as critical encryption resources on your system used
>for ssh & ssl. Also, remember to verify the source, checksums and clean up
>after compiling!
>
>Compiling openssl isn't as difficult as you may think and the instructions
>on the web site are very clear and easy to follow.
Which is why RPM has a feature to sign with PGP (or GnuPG) signatures.
Security packages should always be checked against the author's public key.
At the very least, you will know who made the package and who to strangle
when it all goes wrong :o)
-C
--
Curtis Ireland - cireland at solidum.com
Solidum Systems - http://www.solidum.com
(T) (613)724-6004 x284 - (F) (613)724-6008
More information about the OCLUG
mailing list