Ready for new RPM version?
Adam Williamson
awilliam at redhat.com
Fri Feb 27 21:21:23 UTC 2009
On Fri, 2009-02-27 at 16:01 -0500, Jon Masters wrote:
> On Fri, 2009-02-27 at 12:14 -0800, Adam Williamson wrote:
> > On Fri, 2009-02-27 at 13:24 +0100, Till Maas wrote:
> > > On Fr Februar 27 2009, Adam Williamson wrote:
> > >
> > > > It would be nice to have everyone who works on Rawhide, work *from*
> > > > Rawhide. I suspect this would make people generally less keen to break
> > > > stuff. =)
> > >
> > > I hope that nobody does this, because the rpm packages for Rawhide are not
> > > signed and therefore should not be trusted.
> >
> > Huh. I didn't know that. Is there some reason why not? Is it the manual
> > signing thing?
>
> It's not actually just that though, due to the amount of churn, open ACL
> lists, and so forth, I think you'd need to do a lot more before you
> could go using rawhide for day-to-day stuff. Of course people more
> trusting than myself will happily argue otherwise :)
Hmm. As far as I can see, signing Rawhide packages would still have
value, in that it would prove that the package was created either by an
approved maintainer of that package or by a Proven Packager, and was
properly built through the official build system (it should, anyway, if
the signing process is properly situated at the end of the above process
and can't be accessed in any other way).
That would be a useful thing to provide, I'd think.
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net
More information about the fedora-devel-list
mailing list