Rawhide signatures
Dan Williams
dcbw at redhat.com
Tue Jun 22 14:19:18 UTC 2004
AFAIK this is the case. Packages that are part of a "release", ie
Fedora Core x, or FCx Test x, are signed. Between releases, if a
package gets revved over the signed version, it is unsigned until the
next release.
Dan
On Tue, 2004-06-22 at 16:09 +0200, Nicolas Mailhot wrote:
> Le mar, 22/06/2004 à 09:49 -0400, Dan Williams a écrit :
> > I believe the packages are really unsigned. You can disable this by
> > running up2date's configure menu (update --configure) and look for the
> > "Use GPG to verify package integrity" option.
>
> Before each release I hope rawhide is getting signed at last and after
> each release unsigned packages sneak in again.
>
> While high-security signing is overkill having at least a key to certify
> the packages did come from redhat servers originally would be great.
>
> (if you use mirrors, that is, another solution is of course to only
> hammer 1st-level rawhide mirrors)
>
More information about the fedora-devel-list
mailing list