On Wed, 2009-11-18 at 10:52 -0800, Jesse Keating wrote: > On Wed, 2009-11-18 at 13:22 -0500, James Antill wrote: > > > > 7. And the most obvious one ... how hard is it to get a bad package into > > one of the repos. that the machine has enabled. > > Right, PK is counting on this being sufficiently difficult enough to > prevent bad things from happening. While I'd like to think that, and > would like to say that, I can't. I do not see how that's relevant, frankly. For it to be relevant it would have to be true to state that, if you need root privileges to install signed packages, it's absolutely no problem if a signed package is evil. Obviously, that's not at all true. An evil 'trusted' package would be a Very Bad Thing in any case. Whether you need to be root to install a trusted package or not is entirely orthogonal, as far as I can see. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
