Ready for new RPM version?

Josh Boyer jwboyer at gmail.com
Fri Feb 27 21:58:55 UTC 2009


On Fri, Feb 27, 2009 at 01:47:10PM -0800, Adam Williamson wrote:
>On Fri, 2009-02-27 at 16:30 -0500, Jon Masters wrote:
>
>> > Hmm. As far as I can see, signing Rawhide packages would still have
>> > value, in that it would prove that the package was created either by an
>> > approved maintainer of that package or by a Proven Packager, and was
>> > properly built through the official build system (it should, anyway, if
>> > the signing process is properly situated at the end of the above process
>> > and can't be accessed in any other way).
>> 
>> Yeah, still doesn't protect against the guy who introduces a new package
>> today that includes an updated configuration for my VPN client, or my
>> email client, or a host of other stuff I might be using and rely upon.
>
>Sure. I didn't say it does. That doesn't make it useless. :)
>
>(On a practical level, neither do F9 or F10, since maintainers can at
>present push packages directly to the official updates repository with
>no oversight, AFAIK).

I could just stop pushing updates if it would make everyone feel safer.

josh



