Re: Package XYZ is not signed

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Le Lun 29 octobre 2007 08:27, Till Maas a écrit :
> On So Oktober 28 2007, Andrew Farris wrote:
>
>> prevent that either (in rawhide).  Testing rawhide isn't for boxes
>> with
>> corporate sensitive data...
>
> This seems not to be common knowledge, because afaik even Fedora
> Maintainers use Rawhide on a system, where they create new packages.

And it's totally unrealistic because the only people who're going to
sit before a test box without real data are people paid for testing
(ie not community contributors).

You can't have it both ways - either you pay people to do testing on
fake safe data (very expensive), or you have volunteers testing on
their own systems (with their own data), and you have to work a
minimum so you only eat this data in very rare cases.

>> Actually signing the package from the build system would change very
>> little
>> other than insure that the mirror you're downloading from did not
>> bring in
>> a new package that doesn't belong.
>
> Imho it is a big benefit,

And even kernel.org does it so anyone who feels autosigning packages
before uploading to the root mirrors is "unprofessional" can complain
on LKML and get educated :).

Regards,

-- 
Nicolas Mailhot

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux