Should Fedora rpms be signed?
Alan Cox
alan at redhat.com
Thu Nov 4 12:30:20 UTC 2004
On Thu, Nov 04, 2004 at 11:33:00AM +0100, Nils Philippsen wrote:
> Just to overstretch analogies a bit, the "signature" of Fisher-Price on
> a kid's toy isn't different from the "signature" of Heckler&Koch on a
> submachine gun either. Despite that they convey very different messages
> ("when you push the button, the doll cries" vs. "... a whole family
> cries").
>
> Let's face it, currently a signed package only means "someone/-thing has
> signed off on it" on a technical level, anything else is just what we
At the technical level but not at the actual human level. At that point
brand comes into it.
More information about the fedora-test-list
mailing list