Rawhide signatures
Elliot Lee
sopwith at redhat.com
Tue Jun 22 16:21:07 UTC 2004
On Tue, 22 Jun 2004, Nicolas Mailhot wrote:
> Le mar, 22/06/2004 à 10:19 -0400, Dan Williams a écrit :
> > AFAIK this is the case. Packages that are part of a "release", ie
> > Fedora Core x, or FCx Test x, are signed. Between releases, if a
> > package gets revved over the signed version, it is unsigned until the
> > next release.
>
> Yep, that is why I wrote a rawhide key would be great.
> I don't mind (well, I do but I'm ready to pay this price) if my data is
> eaten by a buggy rawhide package. But I'd really love to be sure I only
> install Quality Rawhide Bugware and not malware someone injected in a
> compromised mirror.
There is a Fedora rawhide key (key ID 1CDDBCA9 I believe), but it's really
not practical right now to sign the packages, because the rawhide push is
completely automated, and signing requires manually entering a password.
No solution is planned to arrive very soon.
Cheers,
-- Elliot
The daring is in the doing
http://people.redhat.com/sopwith/
More information about the fedora-devel-list
mailing list