Proposal: Discourage rpmbuild --sign
Rex Dieter
rdieter at math.unl.edu
Wed Dec 31 17:26:46 UTC 2003
Warren Togami wrote:
> Proposal
> ========
> rpm-4.2.2 in rawhide and all future versions should discourage the use
> of rpmbuild --sign. Perhaps this can be done effectively by adding a
> large and annoying warning message and 15 second delay. Or disable it
> completely. I don't care how, just discouragement should be done.
...
> This istotally not the case for one key reason: Safety.
I would argue against disabling this feature altogether. IMO, building
signed rpms from trusted specfiles/sources should *always* be possible
(without making it a 2 step process).
-- Rex
More information about the fedora-devel-list
mailing list