On Thu, Sep 16, 2010 at 18:48:03 +0200,
  Till Maas <opensource@xxxxxxxxx> wrote:
>
> Latest design decisions for package management tools include to sign and
> verify packages before they are installed. Rawhide RPMs are afaik not
> signed, therefore using it for any non testing system that might contain
> sensitive data is not a good decision.

I believe there is a proposal to sign all packages in either bodhi or koji
at some point. Signing would only indicate the package was built on Fedora
infrastructure, which is slightly less checking than gets done now, but is
probably good enough since there is already a lot of trust going on.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel