On Sat, 18 Dec 2004, Michael Schwendt wrote: > On Sat, 18 Dec 2004 23:15:25 +0100 (CET), Dag Wieers wrote: > > > The current scheme has the following advantages: > > > > + It allows people to build trust for packages because the source becomes > > visible (this works in both ways, if a package is good or bad) > > *gasp* > > Please tell me that you just made a joke. > > People should _never_ deduce the origin of a package from its > filename. First of all we have signatures for that, secondly if a repository that is trusted (as you've added the signature) is using someone else repotag on purpose as a decoy, you can be sure that it will be advertized. No respectful packager will be risking it. So yes, the repotag is very useful. What alternatives do you have (please go over my list of advantages again to become aware of all different advantages) except maybe adding the signature to the release-tag ? :) Having no repotag would be very bad for the Fedora project in general, but I know you envisage a world with only one repository and all your believes circle around that. Most of us live in the real world where there will be always a need and the existance of 3rd party repositories. So every discussion that ignores that is not worth everybody's time. -- dag wieers, dag@xxxxxxxxxx, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]