Using Signature Checking in Yum

With any sort of centralized updating system it is important to ensure that the packages you download have not been tampered with. The RPM packaging system takes care of that by allowing a digital signature on every package. Due to the nature of PGP/GPG, it is impossible (or, rather, improbably difficult) to forge that signature without having what is called a "private key", which only the administrators of Linux@DUKE have access to.

The gpg-checking mechanism is automatically enabled. Any package that does not verify against the "public key" stored on your computer will not be installed, and a warning will be issued to notify you of the problem.
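Because the protection only holds while gpgcheck stays enabled in every repository definition, an administrator will want to audit the repo files for sections where it has been turned off or omitted. The script below is an added example, not part of the Linux@DUKE page; the repository file it scans is constructed inline in the same format as /etc/yum.repos.d/*.repo, and the example.invalid URLs and key path are placeholders.

```shell
#!/bin/sh
# Added example: list yum repository sections that do not enforce
# GPG signature checking (no "gpgcheck=1" line in the section).

# Constructed sample of a yum repository file (not a real Linux@DUKE file).
SAMPLE_REPO='[base]
name=CentOS-4 Base
baseurl=http://example.invalid/centos/4/os/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-placeholder

[extras]
name=CentOS-4 Extras
baseurl=http://example.invalid/centos/4/extras/
gpgcheck=0

[local]
name=Local mirror with no gpgcheck line at all
baseurl=http://example.invalid/local/
'

# Read repo-file text on stdin; print one section name per line for every
# section that lacks an exact "gpgcheck=1" setting (whitespace tolerated).
find_unchecked_repos() {
    awk '
        /^\[.*\]$/ {
            # New section: report the previous one if it was not protected.
            if (section != "" && checked == 0) print section
            section = substr($0, 2, length($0) - 2); checked = 0; next
        }
        /^[ \t]*gpgcheck[ \t]*=[ \t]*1[ \t]*$/ { checked = 1 }
        END { if (section != "" && checked == 0) print section }
    '
}

# Run the audit over the constructed sample; on a real host you would
# instead use: cat /etc/yum.repos.d/*.repo | find_unchecked_repos
audit_sample() {
    printf '%s' "$SAMPLE_REPO" | find_unchecked_repos
}

audit_sample
```

For the sample above the audit reports the "extras" and "local" sections, which is where an unsigned or tampered package could slip past the check described on this page.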

Verifying fingerprints

If you want to be extra sure, email the Linux@DUKE administrators to obtain the public keys first-hand and confirm their fingerprints: admin.[at].linux.duke.edu
