Whom should I put my trust?
Phillip Compton
pcompton at proteinmedia.com
Mon Nov 24 21:32:39 UTC 2003
On Mon, 2003-11-24 at 16:12, Timothy Ha wrote:
> Thank you!
>
> I still have some questions (not doubts): With thrilling stories like
> someone breaking into Linux kernel source, how do you guarantee the quality
> of the repositories? Security updates, system tools and so on are there.

I can only speak for the processes at fedora.us.

Each package there has a maintainer who is responsible for keeping up to
date with updates/fixes to that package, although anyone can open a bug
in bugzilla if they note a needed update.

As for security of the packages themselves, fedora.us has a QA process
that requires sources to be verified vs upstream, and all packages must
be signed.

Take a look at:
http://www.fedora.us/wiki/PackageSubmissionQAPolicy
if you'd like a more detailed look at the QA process,
and please check out:
http://www.fedora.us/QA
to see the process in action, and perhaps help a little.

> Will Red Hat be some guarantee to all these things?

No, Red Hat cannot be responsible for the actions of independent
repositories.

Phil