warning to list

Alan Cox alan at redhat.com
Tue Oct 26 22:38:24 UTC 2004


On Tue, Oct 26, 2004 at 04:03:46PM -0600, Rodolfo J. Paiz wrote:
> His point was that if the package is not signed, then it is easier for
> someone to substitute a trojan package on a mirror server. He's arguing
> that signing packages would add one level of useful security (or "trust"
> if you will), in that at least you would know that the package you
> downloaded had been built at Red Hat or by the Fedora Project.

The question is what should it be signed by I guess. Red Hat don't trust or
warrant rawhide packages.
