Matias F�ciano wrote:
Le lundi 25 octobre 2004 �4:46 -0400, Ricardo Veguilla a �it :
On Mon, 2004-10-25 at 19:42 +0200, Matias F�ciano wrote:
Let me try to summarise (in my bad English).
It's up to me to decide to use a beta for a mission critical computer.
Right now, for my personal computer, I feel the risk is pay back because
this improve (I hope:-)) Fedora (and RHEL in a long run). And also
because I like enjoying with the latest technology.
By not signing their rpm in rawhide, Red Hat "force" me to take risk
(fake rpm, ...) for _nothing_. I don't want to take these risks.
I can't believe you are making this argument.*You* "forced" yourself
when *you* decided to use an unsupported beta. I mean you said it
yourself:
"It's up to me to decide to use a beta for a mission critical computer.
Right now, for my personal computer, I feel the risk is pay back..."
If you don't want to take those risks, then you shouldn't be using
fedora rawhide.
Well, you are right. But, some times rpm are signed, some times they are
not, all rpm are signed when it's a full test release (FC3T1,
FC3T2, ...), rpm packages for BETA RHEL are signed, ...
Right now there are 4 packages not signed :
gtk2-2.4.13-3.i386.rpm
gtk2-devel-2.4.13-3.i386.rpm
fedora-release-3-rawhide.noarch.rpm
rpmdb-fedora-3-0.20041025.i386.rpm
The problem is if not all packages are signed, I can't use "gpgcheck=1"
with yum.
Some time ago, there was over 600 (!) package not signed (more than 1
Go).
If Red Hat don't want to sign their package, than they should not sign
any packages at all and state this in fedora.redhat.com site to make it
clear.
Perhaps I will not be a beta tester any more since beta tester seem to
imply "suffer with potential trojan, cracked packages, ...". Things that
obviously Red Hat don't care about for Fedora but only for RHEL.
I've been staying out of this thread, more or less because I find the
whole thing to be pointless, but now I have to say, maybe you should not
be running any test version, go with a released version and you will be
happy.
this is a TEST version, which means there are going to be many packages
released, and updated on a daily basis ( for the most part) some will be
signed, some will not. as a tester, this is something you should already
know.
Also if you are a tester, than you should also know that you should run
a test version as your primary OS, that is just plain stupid, unless you
are willing to accept the problems that WILL come with running a test
version.
As far as the orignal topic of this post, I would really hope that no
one was fooled by this, I never would have believed it.
BaVinic