Package XYZ is not signed

nodata lsof at nodata.co.uk
Sun Oct 28 17:22:07 UTC 2007


Am Donnerstag, den 25.10.2007, 22:51 -0400 schrieb Will Woods:
> This has been discussed a bunch of times already. Rawhide packages
> aren't signed. This is intentional.

That's nice. So I'll stop testing rawhide now because I don't know where
the packages are from. Conveniently jumping off and on the security
bandwagon at different stages in the release is a bit churlish.

It only takes one malicious unsigned package to be installed for the box
to be compromised, and nothing will protect against that.

Come on though, we have auto-signing now, what was the killer reason for
unsigned rpms?




More information about the fedora-devel-list mailing list