Whom should I put my trust?

Phillip Compton pcompton at proteinmedia.com
Mon Nov 24 21:32:39 UTC 2003

On Mon, 2003-11-24 at 16:12, Timothy Ha wrote:
> Thank you!
> I still have some questions (not doubts): With thrilling stories like 
> someone break into Linux kernel source, how do you guarant the quality 
> of the repositories? Security updates, system tools and so on are there.

I can only speak for the processes at fedora.us. 

Each package there has a maintainer who is responsible for keeping up to
date with updates/fixes to that package, although anyone can open a bug
in bugzilla if they note a needed update.

As for security of the packages themselves, fedora.us has a QA process
that requires sources to be verified vs upstream, and all packages must
be signed. 

Take a look at:
if you'd like a more detailed look at the QA process

and please check out:
to see the process in action, and perhaps help a little

> Will Redhat be some guarantee to all these things?

No, redhat can not be responsible for the actions of independent


More information about the fedora-list mailing list