The repository scoring problem - a proposal
Nicolas Mailhot
nicolas.mailhot at laposte.net
Sun Mar 12 17:34:13 UTC 2006
On Sunday 12 March 2006 at 16:21 +0100, Ralf Ertzinger wrote:
> It has been proposed to add a field to the RPM file headers that can
> be set by the packager to indicate where the package came from. This requires
> work on the behalf of all packagers/repositories, and is thus not likely
> to work (in my opinion), or it will take a long time to actually show effect.
Why do you need a separate header/field/whatever?
You *already* have this field - that's the GPG signature.
Assign weights to signing keys and you're done (this solves rpm/yum,
manual rebuilds, p.r.c. repos, it's so natural that it's not even funny
considering we've been ignoring it so long)
You'll note Fedora *already* recognizes keys are a discriminant -
different keys are used for different repos (Core, Security, etc)
(Of course that would require Fedora to implement the long-awaited
rawhide signing. Virtuous circle - you do something for one reason, and
it has good side effects on other problems)
Regards,
--
Nicolas Mailhot
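
Added example (not part of the original message, and not rpm or yum code): one way the key-weighting idea above could be applied when several repositories offer the same package. The key IDs, weights, repo names and the tuple-based version comparison are constructed assumptions, and signatures are assumed to have been verified already.

```python
from collections import namedtuple

# key_id: ID of the key behind an already *verified* signature, None if unsigned.
# version: simplified to a tuple; real RPM version comparison is more involved.
Candidate = namedtuple("Candidate", "name version repo key_id")

# Constructed policy: placeholder key IDs and weights, not real Fedora keys.
KEY_WEIGHTS = {
    "AAAA0001": 100,  # e.g. a distribution "Core" key
    "AAAA0002": 100,  # e.g. a "Security" updates key, trusted equally
    "BBBB0001": 40,   # e.g. a third-party repository key
}

def weight(candidate, policy=KEY_WEIGHTS):
    """Return the weight of the signing key, or None if the package
    is unsigned or signed by a key the policy does not list."""
    if candidate.key_id is None:
        return None
    return policy.get(candidate.key_id)

def select(candidates, policy=KEY_WEIGHTS):
    """Pick one candidate per package name: key weight first, version second."""
    best = {}
    for c in candidates:
        w = weight(c, policy)
        if w is None:
            continue  # no usable origin information: never selected
        rank = (w, c.version)
        if c.name not in best or rank > best[c.name][0]:
            best[c.name] = (rank, c)
    return {name: c for name, (_, c) in best.items()}

# Constructed sample: the same package offered by several repositories.
SAMPLE = [
    Candidate("foo", (1, 0), "core", "AAAA0001"),
    Candidate("foo", (1, 2), "thirdparty", "BBBB0001"),  # newer, lower weight
    Candidate("foo", (1, 1), "updates", "AAAA0002"),
    Candidate("bar", (2, 0), "thirdparty", "BBBB0001"),  # only source for bar
    Candidate("baz", (3, 0), "rebuild", None),           # unsigned local rebuild
    Candidate("qux", (0, 9), "unknown", "CCCC0009"),     # key not in policy
]

if __name__ == "__main__":
    for name, c in sorted(select(SAMPLE).items()):
        print(name, c.version, c.repo)
```

A newer build signed by a lower-weight key does not displace the higher-weight one, while a package available only from the lower-weight key is still selectable.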