Fedora Project launches Pre-Extras
Dag Wieers
dag at wieers.com
Sat Dec 18 23:15:21 UTC 2004
On Sat, 18 Dec 2004, Michael Schwendt wrote:
> On Sat, 18 Dec 2004 23:15:25 +0100 (CET), Dag Wieers wrote:
>
> > The current scheme has the following advantages:
> >
> > + It allows people to build trust for packages because the source becomes
> > visible (this works in both ways, if a package is good or bad)
>
> *gasp*
>
> Please tell me that you just made a joke.
>
> People should _never_ deduce the origin of a package from its
> filename.
First of all we have signatures for that, secondly if a repository that is
trusted (as you've added the signature) is using someone else repotag on
purpose as a decoy, you can be sure that it will be advertized. No
respectful packager will be risking it.
So yes, the repotag is very useful.
What alternatives do you have (please go over my list of advantages
again to become aware of all different advantages) except maybe adding the
signature to the release-tag ? :)
Having no repotag would be very bad for the Fedora project in general, but
I know you envisage a world with only one repository and all your believes
circle around that. Most of us live in the real world where there will be
always a need and the existance of 3rd party repositories.
So every discussion that ignores that is not worth everybody's time.
-- dag wieers, dag at wieers.com, http://dag.wieers.com/ --
[all I want is a warm bed and a kind word and unlimited power]
More information about the fedora-test-list
mailing list