Re: Package XYZ is not signed

[Alexander Boström <abo kth se>]

tis 2007-10-30 klockan 19:25 +0100 skrev nodata:

> It worries me massively, from a security perspective, that someone from
> inside Red Hat would say something as wrong as this. 

Trusting the network is sadly quite common. That sort of thinking is
something we in the Unix and free software world need to get rid of
right now if we want to keep telling people we have the most secure
systems.

I'd much rather trust "packages signed with the rawhide auto-sign key"
than "packages which the internet sends you when you ask for rawhide
bits".

/abo