On Tue, Mar 01, 2005 at 08:05:12AM -0500, Marc Deslauriers wrote: > It should NOT be automated. Malicious people would be tempted to sent > out fake advisories to get them automatically published to the web. > Heck, they could even embed some php in them to try and compromise the > server. > > A manual yes/no is mandatory IMHO. Well, gpg verify from a known builder of updates. But yes, I agree. It would be nice if the known builders were able to publish to the web site and push package updates to the download server, too, of course ;) -- Dominic Hargreaves | http://www.larted.org.uk/~dom/ PGP key 5178E2A5 from the.earth.li (keyserver,web,email) -- fedora-legacy-list@xxxxxxxxxx http://www.redhat.com/mailman/listinfo/fedora-legacy-list
