Le Lun 29 octobre 2007 08:27, Till Maas a écrit : > On So Oktober 28 2007, Andrew Farris wrote: > >> prevent that either (in rawhide). Testing rawhide isn't for boxes >> with >> corporate sensitive data... > > This seems not to be common knowledge, because afaik even Fedora > Maintainers use Rawhide on a system, where they create new packages. And it's totally unrealistic because the only people who're going to sit before a test box without real data are people paid for testing (ie not community contributors). You can't have it both ways - either you pay people to do testing on fake safe data (very expensive), or you have volunteers testing on their own systems (with their own data), and you have to work a minimum so you only eat this data in very rare cases. >> Actually signing the package from the build system would change very >> little >> other than insure that the mirror you're downloading from did not >> bring in >> a new package that doesn't belong. > > Imho it is a big benefit, And even kernel.org does it so anyone who feels autosigning packages before uploading to the root mirrors is "unprofessional" can complain on LKML and get educated :). Regards, -- Nicolas Mailhot -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list