How to validate IBM rpms?

[ldmwndletsm]

We need to download the lin_tape device driver rpm and daemon rpm from IBM for IBM LTO tape drives. I can get to the download no problem, but there's no checksums. This is not under Passport Advatange wherein SHA1s are provided for each file, instead under Downloads>Fix Central where I see no checksums. How can we validate the download or signature? Does anyone know if IBM has a public key anywhere that we can use to validate their rpms?

I see nothing in the IBM Tape Device Drivers User's Guide (GC27-2130-23_0.pdf) or any of the associated readme files
(lin_tape.ReadMe, install.README), not that I expected to find anything in those, of course.

Thanks.

 

[ldmwndletsm]

To be clear, I'm not referring to validating that the file was not corrupted during download but rather how can we validate the signature on these? Are they signed? If so, where can we get the builder's key public key?

 

[ldmwndletsm]

None of these rpms appears to be signed (`rpm -qip` reports: "Signature : (none)"). The only information I can find on IBM's site pertaining to signatures and public keys is for BigFix 9.5. If there are no signed copies of their rpms then do they maintain any checksums anywhere on their site for these? Or is this something that the customer must make a special request for?

 

[moon-buddy]

None of these rpms appears to be signed (`rpm -qip` reports: "Signature : (none)"). The only information I can find on IBM's site pertaining to signatures and public keys is for BigFix 9.5. If there are no signed copies of their rpms then do they maintain any checksums anywhere on their site for these? Or is this something that the customer must make a special request for?

I haven't heard nor seen any request for signed RPM files.

On one hand, why do you need to have these signed? These are just drivers.