Re: Meeting summary/minutes from today's FESCo meeting (2010-09-14)

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Sep 16, 2010 at 18:48:03 +0200,
  Till Maas <opensource@xxxxxxxxx> wrote:
> 
> Latest design decisions for package management tools include to sign and
> verify packages before they are installed. Rawhide RPMs are afaik not
> signed, therefore using it for any non testing system that might contain
> sensitive data is not a good decision.

I believe there is a proposal to sign all packages in either bohdi or koji
at some point. Signing would only indicate the package was build on Fedora
infrastructure, which is slightly less checking than gets done now, but
is probably good enough since there is already a lot of trust going on.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux