On Tue, 22 Jun 2004, Nicolas Mailhot wrote: > Le mar, 22/06/2004 à 10:19 -0400, Dan Williams a écrit : > > AFAIK this is the case. Packages that are part of a "release", ie > > Fedora Core x, or FCx Test x, are signed. Between releases, if a > > package gets revved over the signed version, it is unsigned until the > > next release. > > Yep, that is why I wrote a rawhide key would be great. > I don't mind (well, I do but I'm ready to pay this price) if my data is > eaten by a buggy rawhide package. But I'd really love to be sure I only > install Quality Rawhide Bugware and not malware someone injected in a > compromised mirror. There is a Fedora rawhide key (key ID 1CDDBCA9 I believe), but it's really not practical right now to sign the packages, because the rawhide push is completely automated, and signing requires manually entering a password. No solution is planned to arrive very soon. Cheers, -- Elliot The daring is in the doing http://people.redhat.com/sopwith/
