On Fri, Feb 27, 2009 at 01:47:10PM -0800, Adam Williamson wrote:
>On Fri, 2009-02-27 at 16:30 -0500, Jon Masters wrote:
>
>> > Hmm. As far as I can see, signing Rawhide packages would still have
>> > value, in that it would prove that the package was created either by an
>> > approved maintainer of that package or by a Proven Packager, and was
>> > properly built through the official build system (it should, anyway, if
>> > the signing process is properly situated at the end of the above process
>> > and can't be accessed in any other way).
>>
>> Yeah, still doesn't protect against the guy who introduces a new package
>> today that includes an updated configuration for my VPN client, or my
>> email client, or a host of other stuff I might be using and rely upon.
>
>Sure. I didn't say it does. That doesn't make it useless. :)
>
>(On a practical level, neither do F9 or F10, since maintainers can at
>present push packages directly to the official updates repository with
>no oversight, AFAIK).

I could just stop pushing updates if it would make everyone feel safer.

josh