On Wed, 2003-12-31 at 15:43, Michael Schwendt wrote:
People don't build src.rpms for fun. They build them to install the built
packages as root (!) and then to use them from within their normal user
He's talking about 'rpmbuild --sign zbr' and not 'rpmbuild zbr'
The problem is well explained, and only who doesn't believe a trojan
could be inject in apparently good source code (ie, downloaded from
sf.net, for instance -- ever heard of dns spoofs?) doesn't understand.
When I build RPMS for AbiWord, I build the RPMS with a specific user for
rpmbuilding, and sign the rpms afterward with my key, on my account.