On Fri, 2009-02-27 at 16:30 -0500, Jon Masters wrote: > > Hmm. As far as I can see, signing Rawhide packages would still have > > value, in that it would prove that the package was created either by an > > approved maintainer of that package or by a Proven Packager, and was > > properly built through the official build system (it should, anyway, if > > the signing process is properly situated at the end of the above process > > and can't be accessed in any other way). > > Yeah, still doesn't protect against the guy who introduces a new package > today that includes an updated configuration for my VPN client, or my > email client, or a host of other stuff I might be using and rely upon. Sure. I didn't say it does. That doesn't make it useless. :) (On a practical level, neither do F9 or F10, since maintainers can at present push packages directly to the official updates repository with no oversight, AFAIK). -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
