On Mon, 2004-10-25 at 22:16 -0400, Ricardo Veguilla wrote:
> Quoting Matias
> > By not signing their rpm in rawhide, Red Hat "force" me to take risk
> > (fake rpm, ...) for _nothing_. I don't want to take these risks.
> >
>
> It's funny because I agree that it will be good if rawhide rpms were
> signed, but I was only pointing out that if you choose to use
> unsupported beta software for critical tasks, you can't say the provider
> forced you to be at risk... it was your choice to use it.
>

His point was not that Red Hat forced him to use a beta, for God's sake. His point was that if the package is not signed, then it is easier for someone to substitute a trojan package on a mirror server.

He's arguing that signing packages would add one level of useful security (or "trust" if you will), in that at least you would know that the package you downloaded had been built at Red Hat or by the Fedora Project. That's it.

Argue against that, if you will, but your continued argument about his using (or not) a beta is simply based on not understanding Matías's original point.

--
Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>