On Mon, 1 Nov 2004, Matias Féliciano wrote: > A signature, which can be part of a quality process, ensure where the > information/data/package come from. A signature is not a certificate of > quality _without_ a quality process. Totally agree. All the points raised so far were mostly releated to QA for RHEL. One can argue that even rawhide has a QA - and the gpg-sign is part of the QA proces - However the QA for RHEL is totally different from QA for Fedora (release) - which is different from QA for rawhide. So there is no conflict in the model - and no good reason yet for not gpg-signing. Any argument which says 'users will confuse gpg-signed rawhide packages as RHEL QA'ed packages' is bogus. (Any user infering this from the gpg-signautre - and thinks its safe to use rawhide instead of fedra-core-release/RHEL is nuts) Satish