On Wed, 2017-11-08 at 15:23 +0000, Peter Robinson wrote: > > But why? _Any_ package can completely screw up the system with a bad > > scriplet or a dependency. Let's take one step back and consider why a > > package would need special protections: only when there's something > > _tricky_ about the package. We have such special protections for the > > kernel (signing), firefox (trademarks), and for bootloaders (signing again), > > Well the fedora-release package could be arguably open to trademark. There *are* also some non-obvious bits about fedora-release, too. There's the duality with generic-release and the common 'system- release' virtual provide, which people may forget/not know about. And IIRC it contains various files whose existence or text contents are magic in various ways, like the /etc/*release files. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | XMPP: adamw AT happyassassin . net http://www.happyassassin.net _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
