Should Fedora rpms be signed?

Satish Balay balay at fastmail.fm
Mon Nov 1 19:47:32 UTC 2004



On Mon, 1 Nov 2004, Jeff Spaleta wrote:

> On Mon, 1 Nov 2004 12:58:22 -0600 (CST), Satish Balay <balay at fastmail.fm> wrote:

> > No confusion here either - as rawhide packages are never mistaken for
> > erratum packages.
> 
> really? no one ever mistakes a package from rawhide as a consumable package?
> really? no one ever does a random search for a package from an online
> rpm warehouse and finds a package meant as a piece of rawhide and not
> as a consumable update?
> really? no one ever takes packages from the rawhide tree and mixes
> them with updates and creates a homebrew repository that other users
> will be using?
> 
> I think you need to spend more time in general purpose community
> forums and watch how often the less informed are confused about what
> rawhide/development packages are meant for.  Everyone in this
> conversation is in the 1% tail of the distribution of clue in the
> userbase.  Arguing that you are not confused is sort of pointless.  I
> see people confused by what rawhide is, every single day.

Ok, the wording of my statement is wrong. (Given any tool you'll find
someone who'll use it incorrectly - and break it (or break something
else).)

But unless you are saying: somehow the current non-gpg-signed packages
are preventing such folks from doing the wrong things (listed above) -
and 'gpg-signing' encourages them to do them - your text adds no
substance to the discussion.

Satish




More information about the fedora-test-list mailing list