Proposal: Discourage rpmbuild --sign

Rui Miguel Seabra rms at 1407.org
Wed Dec 31 19:19:18 UTC 2003


On Wed, 2003-12-31 at 19:02, Willem Riede wrote:
> On 2003.12.31 12:24, Rui Miguel Seabra wrote:
> While that is a good practice, is it sufficient? How do you know that the 
> package you just attached your reputation to (by signing with your key)
> isn't going to trash or take over the system of any user that installs it?

Because I trust in the fellowship that develops AbiWord and from close
contact.

OF COURSE it is not sufficient, please read

http://www.acm.org/classics/sep95/

to grasp how bad it _IS_POSSIBLE_ to be.

Now define a level you can live with and start reasoning from there.

OF COURSE it is not sufficient, but it's one more layer that should be
added and doesn't penalize efficiency.

Rui

-- 
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
See http://www.fsf.org/philosophy/no-word-attachments.html


More information about the fedora-devel-list mailing list