On Fri, 2009-02-27 at 16:01 -0500, Jon Masters wrote: > On Fri, 2009-02-27 at 12:14 -0800, Adam Williamson wrote: > > On Fri, 2009-02-27 at 13:24 +0100, Till Maas wrote: > > > On Fr Februar 27 2009, Adam Williamson wrote: > > > > > > > It would be nice to have everyone who works on Rawhide, work *from* > > > > Rawhide. I suspect this would make people generally less keen to break > > > > stuff. =) > > > > > > I hope that nobody does this, because the rpm packages for Rawhide are not > > > signed and therefore should not be trusted. > > > > Huh. I didn't know that. Is there some reason why not? Is it the manual > > signing thing? > > It's not actually just that though, due to the amount of churn, open ACL > lists, and so forth, I think you'd need to do a lot more before you > could go using rawhide for day-to-day stuff. Of course people more > trusting than myself will happily argue otherwise :) Hmm. As far as I can see, signing Rawhide packages would still have value, in that it would prove that the package was created either by an approved maintainer of that package or by a Proven Packager, and was properly built through the official build system (it should, anyway, if the signing process is properly situated at the end of the above process and can't be accessed in any other way). That would be a useful thing to provide, I'd think. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list