On Wed, 2009-11-18 at 17:54 -0500, Eric Christensen wrote: > > I do not see how that's relevant, frankly. For it to be relevant it > > would have to be true to state that, if you need root privileges to > > install signed packages, it's absolutely no problem if a signed package > > is evil. Obviously, that's not at all true. An evil 'trusted' package > > would be a Very Bad Thing in any case. Whether you need to be root to > > install a trusted package or not is entirely orthogonal, as far as I can > > see. > > I'd like to point out that there are trusted packages that I wouldn't > want my users downloading. John is a good example but there are others. > > Anyone requested that CVE yet? That's a different point, and specifically _not_ the point I was addressing. You don't need to point it out as it's already been pointed out about five times earlier in the thread. :) -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org http://www.happyassassin.net -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
