warning to list

Rodolfo J. Paiz rpaiz at simpaticus.com
Tue Oct 26 22:03:46 UTC 2004


On Mon, 2004-10-25 at 22:16 -0400, Ricardo Veguilla wrote:
> Quoting Matias
> > By not signing their rpm in rawhide, Red Hat "force" me to take risk
> > (fake rpm, ...) for _nothing_. I don't want to take these risks.
> >
> 
> It's funny because I agree that it will be good if rawhide rpms were
> signed, but I was only pointing out that if you choose to use
> unsupported beta software for critical tasks, you can't say the provider
> forced you to be at risk... it was your choice to use it. 
> 

His point was not that Red Hat forced him to use a beta, for God's sake.
His point was that if the package is not signed, then it is easier for
someone to substitute a trojan package on a mirror server. He's arguing
that signing packages would add one level of useful security (or "trust"
if you will), in that at least you would know that the package you
downloaded had been built at Red Hat or by the Fedora Project.

That's it. Argue against that, if you will, but your continued argument
about his using (or not) a beta is simply based on not understanding
Matías's original point.

-- 
Rodolfo J. Paiz <rpaiz at simpaticus.com>