Michael Schwendt wrote: > A signing-server doesn't fix everything. It may help with the security > implications of giving away the key password as was done for Extras. But > hoping for much more frequent or automated pushes of non-critical updates > would be insane. Well, one of the things I was hoping to have come out of my initial message was some transparency. It's useful to know that, for example, frequent pushes of updates is a problem for mirrors. It would be most valuable to have something like the package update wiki page updated with a list of "here's what to expect, and why, once you submit an update request", because right now information like the above isn't captured anywhere that I can find. Not having any idea what to expect is no fun. <b -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
