Re: Rawhide issues

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2008-04-15 at 07:44 -0500, Jeffrey Ollie wrote:

> The problem there is that this system breaks down if the packages get
> disassociated from their "original" repository.  For example, I've
> thought about making a custom version of Fedora for work every now and
> the - right now the only changes would be different logos and artwork
> and maybe some defaults.  Currenly, 99% of the packages in my version
> of Fedora would have the Fedora signatures on them and the users of my
> version of Fedora could trust that I hadn't changed them in some way
> from what was in Fedora.  If the signatures only lived in the repodata
> my users wouldn't be able to check that because I would need to
> regenerate the repodata and I woudn't be able to sign my repodata with
> the same key that Fedora uses.

What if all packages that came out of koji were autosigned? Then you'd
know where they were from but you'd need to verify them against their
metadata to see if they were 'trusted' in another sense.

-sv


-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux