Re: Should Fedora rpms be signed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Mon, 1 Nov 2004, Peter Jones wrote:

<lot of text trimed to be digested later - mostly looks like RHEL-QA
vs Fedora-QA vs Rawhide-QA >

> > For us users there is no confusion:
> > - 'rawhide-key' is different from 'redhat-key' - so there is no confusion here.
> 
> Make this work in a world where users draw from multiple, unrelated
> repositories.  Some people (not very many) know that rawhide-key means
> it isn't for a production release.  But Joe Foo's repositories have
> packages signed with joefookey1 and joefookey2.  Which is which?
> 
> This is not viable.

This is not the problem under discussion. 'Current' rawhide' doesn't
fix it. gpg-signed rawhide won't fix it.

> 
> > - 'gpg' singed packages doesn't => stability (aka rawhide can always
> >   eat data) - so no confusion here..
> 
> The signature *sometimes* does imply that.  If the only difference is
> the key, then there's really not any way to tell when.

If you think 'gpg-signing' rawhide packages changes the meaning of
'rawhide' - and adds in stability 'conotation' - I don't know what to
say. I've reached the end of my logical reasoning. Will stop now.

Satish


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]