M. Edward (Ed) Borasky <znmeb <at> znmeb.net> writes: > As a bleeding-edge user I'd be in favor of this, although I thought > that was what 'updates-testing' was. Maybe I'm misunderstanding how things work, but I think every package in updates-testing is signed by a human, on an "offline" machine (i.e. someone has to walk the RPM to it using physical media, sign it and then bring it back and upload it), which may be causing some of these delays. So, I was thinking of a more relaxed signing key, which would used directly by the build system after people build the packages. Virus and malware scanning at this point would be useful, of course, but would not catch everything - that's for sure. PS. Apologies if the above is misinformation. Going from memory here, from the days of that Fedora compromise a few years ago. -- Bojan -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
