On Sunday 31 October 2004 at 13:35 +0100, Nils Philippsen wrote:
> On Fri, 2004-10-29 at 12:45 -0600, Rodolfo J. Paiz wrote:
> As outlined above, the process of signing repo metadata and the process
> of signing individual packages isn't that much different in that it
> needs someone or -thing to do the signing. I think signing repo metadata
> is good to augment the signing of packages in that someone certifies a
> specific set of packages, which is a benefit if you e.g. think of some
> bad guy trying to inject a (signed) iptables package into a mirror
> repository that by whatever problem wouldn't work together with the
> kernel already in there.
> A "Conflict" field in the rpm is a better solution.
> On the other hand the argument that we should use the presence of a (Red
> Hat) signature as a measure of quality is rather moot in my eyes as I
> have had a number of my packages out there with great difference in
> quality and all of them signed, even with a non-Rawhide key ;-). We have
> to teach the people who think about the signature being a sign of
> quality instead of origin about its real meaning, we shouldn't conform
> to their ill views.

Interesting. There is _nothing_ that describes Test release and Rawhide. Nothing. Red Hat did a brilliant job in describing what Fedora is (section About of fedora.redhat.com). Red Hat may describe Test release and Rawhide. This information may also be in the fedora-release package.