Should Fedora rpms be signed?

Peter Jones pjones at redhat.com
Mon Nov 1 23:50:11 UTC 2004


On Mon, 2004-11-01 at 17:34 -0600, Satish Balay wrote:
> Ok - you & Seth seem to have a solution to the problem.
> 
> Still no good explanation why ALL keys should be treated the same.

Because there's nothing about a key that tells you how to treat it.

> To me 'rehdat-key' is different from 'linva-key' etc. And I think
> rawhide can do the same.
> 
> The analogy I keep thinking is 'my signature' is different than
> 'RedHat's CEO's signature' treating both to mean the same is nuts..

But the signature isn't different in kind.  You just "know" which
documents one is good on and which one isn't.  But we don't have that
kind of knowledge for all keys.  We don't know which repositories each
key is good for what on, and making the infrastructure to tell that
about keys is a lot of work.  Making the infrastructure for a key to
sign something which tells us is significantly easier, I think.

-- 
        Peter

"Traveling through hyperspace isn't like dusting crops, boy."
                -- Solo



