AFAIK this is the case. Packages that are part of a "release", ie Fedora Core x, or FCx Test x, are signed. Between releases, if a package gets revved over the signed version, it is unsigned until the next release. Dan On Tue, 2004-06-22 at 16:09 +0200, Nicolas Mailhot wrote: > Le mar, 22/06/2004 à 09:49 -0400, Dan Williams a écrit : > > I believe the packages are really unsigned. You can disable this by > > running up2date's configure menu (update --configure) and look for the > > "Use GPG to verify package integrity" option. > > Before each release I hope rawhide is getting signed at last and after > each release unsigned packages sneak in again. > > While high-security signing is overkill having at least a key to certify > the packages did come from redhat servers originally would be great. > > (if you use mirrors, that is, another solution is of course to only > hammer 1st-level rawhide mirrors) >
