Re: Should Fedora rpms be signed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Nils Philippsen wrote: 
On Fri, 2004-10-29 at 15:35 +0200, Nils Philippsen wrote:

  
And this assumption is wrong. A signature on a package is absolutely not
correlated to the quality of it.
    

That last sentence should read: "Having a Red Hat signature on a package
is absolutely not correlated to the quality of it." -- i.e. we generally
sign all packages "leaving the house", be they Rawhide, beta or final.
Sorry for the confusion this may have caused.

Nils
Hi Nils,

My comment about the correlation of signature to quality was this. RedHat has a known/documented process for generating a package that "leaves the house", i.e. certain procedures are followed for testing and quality assurance. If RH didn't they wouldn't be in business for long. The consumers understand the difference between rawhide and release and decide accordingly based on their level of risk. Bottom line is a RH release is "known quantity" quality wise. If I were to release a package with my signature on it, consumers would have no clue as to the quality of that release. RH release = higher quality, lower risk, RH rawhide = good quality, moderate risk. JB release = ?? quality, expect to lose your computer...:-)

John
begin:vcard
fn:John Burton
n:Burton;John
org:G&A Technical Software, Inc.
adr;dom:Suite 101;;11864 Canon Blvd.;Newport News;VA;23606
email;internet:j.c.burton@xxxxxxxxxxxx
title:Principal Associate
tel;work:757-873-5920
tel;fax:757-873-5924
x-mozilla-html:TRUE
url:http://www.gats-inc.com
version:2.1
end:vcard
[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]