Rawhide signatures

Dan Williams dcbw at redhat.com
Tue Jun 22 14:19:18 UTC 2004


AFAIK this is the case.  Packages that are part of a "release", ie
Fedora Core x, or FCx Test x, are signed.  Between releases, if a
package gets revved over the signed version, it is unsigned until the
next release.

Dan

On Tue, 2004-06-22 at 16:09 +0200, Nicolas Mailhot wrote:
> Le mar, 22/06/2004 à 09:49 -0400, Dan Williams a écrit :
> > I believe the packages are really unsigned.  You can disable this by
> > running up2date's configure menu (update --configure) and look for the
> > "Use GPG to verify package integrity" option.
> 
> Before each release I hope rawhide is getting signed at last and after
> each release unsigned packages sneak in again.
> 
> While high-security signing is overkill having at least a key to certify
> the packages did come from redhat servers originally would be great.
> 
> (if you use mirrors, that is, another solution is of course to only
> hammer 1st-level rawhide mirrors)
> 





More information about the fedora-devel-list mailing list