On Tue, 2004-10-26 at 16:03 -0600, Rodolfo J. Paiz wrote: > On Mon, 2004-10-25 at 22:16 -0400, Ricardo Veguilla wrote: > > Quoting Matias > > > By not signing their rpm in rawhide, Red Hat "force" me to take risk > > > (fake rpm, ...) for _nothing_. I don't want to take these risks. > > > > > > > Its funny because I agree that it will be good if rawhide rpms were > > signed, but I was only pointing out that if you choose to use > > unsupported beta software for critical tasks, you can't say the provider > > forced you to be at risk... it was your choice to use it. > > > > His point was not that Red Hat forced him to use a beta, for God's sake. Again, please read more carefully before replying. You don't seem to be reading what I wrote. Re-read my paragraph above and tell me where do I claim that "Matias says Red Hat is forcing him to use a beta"? The point he made (and which is the only thing I criticizing) was that since he is using rawhide (beta/test/devel software) Red Hat is forcing him to be at risk because rawhide packages are not signed. > His point was that if the package is not signed, then it is easier for > someone to substitute a trojan package on a mirror server. He's arguing > that signing packages would add one level of useful security (or "trust" > if you will, in that at least you would know that the package you > downloaded had been built at Red Hat or by the Fedora Project. Like I said I agree that it will be good if the rpm were signed. > That's it. Argue against that, if you will, but your continued argument > about his using (or not) a beta is simply based on not understanding > Mat�'s original point. Like I said, I don't have to argue against "that" (signed rpm being a good idea) because I agree with "that". If you want to continue arguing about this, feel free to email me privately. Regards, -- Ricardo Veguilla <veguilla@xxxxxxxxxxxx>