Re: Should Fedora rpms be signed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2004-10-26 at 18:10, Alexandre Oliva wrote:
> On Oct 26, 2004, seth vidal <skvidal@xxxxxxxxxxxx> wrote:
> 
> >> Just don't let yum install packages that aren't signed.  How about
> >> you start a rawhide mirror with the following properties: if a
> >> package is not signed, it won't be in your mirror; you'll keep the
> >> previous version of such package instead.
> 
> > Then it would not be a rawhide mirror. It would be a rawhide distortion.
> 
> > mirror implies an identical reflection. :)
> 
> Well, not quite.  Plane mirrors do.  And, even then, there's a small
> delay for the light to get from you to the mirror and back, so when
> you see your image in the mirror, you're no longer what you're seeing
> there :-)  This wouldn't be that different :-)


These locations should not even advertise themselves as ATTEMPTED
mirrors. b/c they are not doing that. At least the current mirrors are
making a good-faith effort to be in sync.


> No dispute here.  But if it could, later on, realize that the package
> was signed and use http interval fetch tricks to obtain only the
> signature, it would be way cool.

difficult with the signature it makes it harder to just get-byte-range
changes b/c the file moves around a bit.

-sv



[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]