[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Draft Proposal: Spin Submission and Approval Process



On Tue, Mar 4, 2008 at 12:34 PM, Jeff Spaleta <jspaleta gmail com> wrote:
> On Tue, Mar 4, 2008 at 12:29 PM, Josh Boyer <jwboyer gmail com> wrote:
>  >  Except spins are done off of released versions of Fedora.  Which means
>  >  the packages they use are already signed with the Fedora key.
>
>  We'd have to have some way to verify that.

Correct me if I'm wrong, but any sort of checksum comparison between
multiple locally built images wouldn't work as a baseline verifier of
which repository a spin was built from would it?  If 4 different
people took the kickstart and rebuilt it using the livecd tools on
different machines at different times, using packages from the fedora
repository..they wouldn't end up with images with the same checksums
right?

-jef


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]