Le vendredi 29 octobre 2004 à 12:45 -0600, Rodolfo J. Paiz a écrit : > Matías is vehemently pro signing > *every* package Yes. But I never said that a signed repository is a bad solution :-) Signing repository has its benefit. Signing every packages has its benefit. But I don't think it's easer to sign a repository than all the packages. For signing a repository, one command line would be used (I suppose) : - gpg --sign ... OR createrepo --addsign For signing all packages, one command line would be used : - rpm --addsign <list of rpm package> If Red Hat can use one of these methods, they can easily do both (It's seems).
Attachment:
signature.asc
Description: Ceci est une partie de message =?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=