[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

Re: Ready for new RPM version?

From: Josh Boyer <jwboyer gmail com>
To: Development discussions related to Fedora <fedora-devel-list redhat com>
Subject: Re: Ready for new RPM version?
Date: Fri, 27 Feb 2009 16:58:55 -0500

On Fri, Feb 27, 2009 at 01:47:10PM -0800, Adam Williamson wrote:
>On Fri, 2009-02-27 at 16:30 -0500, Jon Masters wrote:
>
>> > Hmm. As far as I can see, signing Rawhide packages would still have
>> > value, in that it would prove that the package was created either by an
>> > approved maintainer of that package or by a Proven Packager, and was
>> > properly built through the official build system (it should, anyway, if
>> > the signing process is properly situated at the end of the above process
>> > and can't be accessed in any other way).
>> 
>> Yeah, still doesn't protect against the guy who introduces a new package
>> today that includes an updated configuration for my VPN client, or my
>> email client, or a host of other stuff I might be using and rely upon.
>
>Sure. I didn't say it does. That doesn't make it useless. :)
>
>(On a practical level, neither do F9 or F10, since maintainers can at
>present push packages directly to the official updates repository with
>no oversight, AFAIK).

I could just stop pushing updates if it would make everyone feel safer.

josh

References:
- Ready for new RPM version?
  - From: Panu Matilainen
- Re: Ready for new RPM version?
  - From: seth vidal
- Re: Ready for new RPM version?
  - From: Adam Williamson
- Re: Ready for new RPM version?
  - From: Till Maas
- Re: Ready for new RPM version?
  - From: Adam Williamson
- Re: Ready for new RPM version?
  - From: Jon Masters
- Re: Ready for new RPM version?
  - From: Adam Williamson
- Re: Ready for new RPM version?
  - From: Jon Masters
- Re: Ready for new RPM version?
  - From: Adam Williamson

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]