Fedora Project launches Pre-Extras
Dries Verachtert
dries at ulyssis.org
Sat Dec 18 23:08:26 UTC 2004
On Saturday 18 December 2004 23:46, Michael Schwendt wrote:
> On Sat, 18 Dec 2004 23:15:25 +0100 (CET), Dag Wieers wrote:
> > On Sat, 18 Dec 2004, Michael Schwendt wrote:
> > > On Sat, 18 Dec 2004 08:57:23 -0500, Jeff Spaleta wrote:
> > > > On Sat, 18 Dec 2004 11:58:45 +0100, nodata <fedora at nodata.co.uk>
wrote:
> > > > > An rpm tool doesn't care about the filename, so why remove it?
> > > >
> > > > You have missed the point entirely. The filaname for an rpm is
> > > > typically constructed from a number of header tags as part of the
> > > > build process. The distrotags that are being used arent just in the
> > > > filename they are in the RELEASE tag.
> > >
> > > Which is part of the problem.
> >
> > Please indicate where the problem is.
>
> Done that before in this thread.
Can you please give the timestamp of that mail please? I can't find it in this
long thread.
> > The current scheme has the following advantages:
> >
> > + It allows people to build trust for packages because the source becomes
> > visible (this works in both ways, if a package is good or bad)
>
> *gasp*
>
> Please tell me that you just made a joke.
>
> People should _never_ deduce the origin of a package from its
> filename.
>
> [They may start to trust the signer of packages and the signed
> packages which come from him.]
People express a certain trust in a packager when they download and install
rpms from his site or when they import that packagers key and configure their
apt/yum/smart to also use that packagers group of signed rpms. In my opinion
this is unrelated to having a repotag added to the release tag.
kind regards,
Dries
More information about the fedora-test-list
mailing list