Paul Iadonisi wrote:
I apologize if I seem a bit antagonistic about this. It's just that I
see it as pretty important that people understand what testing means:
that your data may get eaten alive and no one will be able to save you
from that. That's at least partially what's meant when Red Hat says not
to use it on critical systems.
And it's also important to understand what the Fedora Project is and
how it differs from RHEL. RHEL *absolutely* *will* receive more
attention from Red Hat than Fedora Core. RHEL is the money maker.
Fedora Core is the proving grounds. That's the bottom line. At least,
that's how I see it.
From my point of view, both of those points (with which I agree, BTW)
are orthogonal to the question of having signed packages. Bugs, even
security-related bugs, are very different from deliberately trojaned
code.
People accept a level of risk of buggy code when they choose to run
Fedora Core (as opposed to RHEL) or a Fedora Core test release. There
is no good reason, however, to force Fedora Core testers to accept a
higher risk of malware.
--
========================================================================
Ian Pilcher i.pilcher@xxxxxxxxxxx
========================================================================