Ready for new RPM version?

Adam Williamson awilliam at redhat.com
Fri Feb 27 21:47:10 UTC 2009


On Fri, 2009-02-27 at 16:30 -0500, Jon Masters wrote:

> > Hmm. As far as I can see, signing Rawhide packages would still have
> > value, in that it would prove that the package was created either by an
> > approved maintainer of that package or by a Proven Packager, and was
> > properly built through the official build system (it should, anyway, if
> > the signing process is properly situated at the end of the above process
> > and can't be accessed in any other way).
> 
> Yeah, still doesn't protect against the guy who introduces a new package
> today that includes an updated configuration for my VPN client, or my
> email client, or a host of other stuff I might be using and rely upon.

Sure. I didn't say it does. That doesn't make it useless. :)

(On a practical level, neither do F9 or F10, since maintainers can at
present push packages directly to the official updates repository with
no oversight, AFAIK).
-- 
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Fedora Talk: adamwill AT fedoraproject DOT org
http://www.happyassassin.net




More information about the fedora-devel-list mailing list