Re: Update Announcement Format discussion


 



On Monday 12 January 2004 02:51, Warren Togami wrote:
> There are several reasons why this is a bad idea:
>
> 1) Advisories just don't happen so often to necessitate this.

Maybe not, but it helps to streamline the process and further ensure 
uniformity in the announcements.

> 2) http://www.fedora.us/LEGACY
> Higher priority to actually work on the packages, which have been
> stalled there for several days.

There are people in the community that do not have the 
resources/capabilities to perform the QA on packages, yet still wish to 
contribute to the project.  We should not block work from being done by 
some people, just because there is more "important" work to be done by 
others.

> 3) This is a HUGE security risk.  You should never have an important
> signing key like advisory or package signing on any Internet
> accessible host, especially with the security risk of something like
> PHP or perl and apache.  The signing key for packages and advisories
> should be on a secured host with no public services, used for NO
> OTHER PURPOSE.
>
> (i.e. fedora.us signing does not happen at www.fedora.us.)

Which is why this form does not sign the content, rather sends it back 
to the user or signer in a complete text form, so that the signer can 
then sign the content and publish it.

-- 
Jesse Keating RHCE MCSE (geek.j2solutions.net)
Fedora Legacy Team      (www.fedora.us/wiki/FedoraLegacy)
Mondo DevTeam           (www.mondorescue.org)
GPG Public Key          (geek.j2solutions.net/jkeating.j2solutions.pub)
 
Was I helpful?  Let others know:
 http://svcs.affero.net/rm.php?r=jkeating
