On Tue, Aug 26, 2008 at 03:27:43 +0000, Bojan Smojver <bojan@xxxxxxxxxxxxx> wrote: > > I guess from Red Hat's point of view, the only difference would be that Fedora > packages would not be valid unless signed and uploaded back to updates by > (required number of) other signatories. I don't think you are really going to gain much from doing that. And there is certainly going to be a lot of pain associated with that. It creates extra work, adds delays, and adds a dependence on third parties. And it doesn't completely prevent people from getting bad code signed. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
