Re: Should Fedora rpms be signed?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 




On Thu, 4 Nov 2004, Peter Jones wrote:

> On Thu, 2004-11-04 at 11:33 +0100, Nils Philippsen wrote:
> > On Mon, 2004-11-01 at 18:50 -0500, Peter Jones wrote:
> > > On Mon, 2004-11-01 at 17:34 -0600, Satish Balay wrote:
> > > > Ok - you & Seth seem to have a solution to the problem.
> > > > 
> > > > Still no good explanation why ALL keys should be treated the same.
> > > 
> > > Because there's nothing about a key that tells you how to treat it.
> > 
> > Exactly. There's where "common sense" comes into play, i.e. I shouldn't
> > enable Rawhide repositories if a broken system makes me cry.
> 
> We're not just talking about rawhide.  We're talking about Axil's repo,
> and Matthais's repo, and the cdparanoia repo on my people.redhat.com
> site, and the repo on Seth's website.
> 
> There is no common sense answer to "I have 40 keys signing things and
> none of them specify what the signature means".
> 
> Quit thinking that we're talking about one key.  We're talking about
> many.

These are arguments for 'a better key-management-policy'
infrastructure. There is no argument here about keeping 'rawhide'
unsigned.

Satish


[Index of Archives]     [Fedora Desktop]     [Fedora SELinux]     [Photo Sharing]     [Yosemite Forum]     [KDE Users]