On Fri, 2004-10-29 at 22:56 +0200, Matias Féliciano wrote: > But I don't think it's easer to sign a repository than all the packages. > > For signing a repository, one command line would be used [...] > For signing all packages, one command line would be used [...] > > If Red Hat can use one of these methods, they can easily do both (It's > seems). Your logic is seriously flawed. The repository is created once, and updated on a specific and regular schedule. The entire repository metadata is signed at one time and in a predictable fashion. Precisely the problem which has been pointed out about signing every package is that there is no one around at the particular time when a few packages are finally ready, and it is those that do not get signed. But all packages are finished at different times, so it is impractical to suggest that all packages can be signed together with a single command. Cheers, -- Rodolfo J. Paiz <rpaiz@xxxxxxxxxxxxxx>
Attachment:
signature.asc
Description: This is a digitally signed message part