On Fri, 2009-02-27 at 13:21 -0800, Adam Williamson wrote:
> On Fri, 2009-02-27 at 16:01 -0500, Jon Masters wrote:
> > On Fri, 2009-02-27 at 12:14 -0800, Adam Williamson wrote:
> > > On Fri, 2009-02-27 at 13:24 +0100, Till Maas wrote:
> > > > On Fr Februar 27 2009, Adam Williamson wrote:
> > > >
> > > > > It would be nice to have everyone who works on Rawhide, work *from*
> > > > > Rawhide. I suspect this would make people generally less keen to break
> > > > > stuff. =)
> > > >
> > > > I hope that nobody does this, because the rpm packages for Rawhide are not
> > > > signed and therefore should not be trusted.
> > >
> > > Huh. I didn't know that. Is there some reason why not? Is it the manual
> > > signing thing?
> >
> > It's not actually just that though, due to the amount of churn, open ACL
> > lists, and so forth, I think you'd need to do a lot more before you
> > could go using rawhide for day-to-day stuff. Of course people more
> > trusting than myself will happily argue otherwise :)
>
> Hmm. As far as I can see, signing Rawhide packages would still have
> value, in that it would prove that the package was created either by an
> approved maintainer of that package or by a Proven Packager, and was
> properly built through the official build system (it should, anyway, if
> the signing process is properly situated at the end of the above process
> and can't be accessed in any other way).

Yeah, still doesn't protect against the guy who introduces a new package
today that includes an updated configuration for my VPN client, or my
email client, or a host of other stuff I might be using and rely upon.
IMHO it's not the place of the development branch of a distribution to
provide the level of protection from such things. This is why I run my
tests mostly on old hardware or on virtual machines - I copy stuff into
the virtual machine, have only toy passwords on it, etc.
It's not a perfect protection, but I view it as a reasonable precaution
against "kitten consumption" or even malicious attempts to harm Fedora.

Jon.