FC3T2 up2date - <package> is not signed with a GPG signature
Matias Feliciano
feliciano.matias at free.fr
Wed Sep 29 03:23:30 UTC 2004
Le mer 29/09/2004 à 03:35, William Hooper a écrit :
> Matias Feliciano said:
> [snip]
> >
> > rpm --addsign *.rpm. One time per day (for rawhide).
> > I don't know if rpm can sign in batch mode.
>
> What security will that give you? Any hacked RPM just has to get into
> rawhide for 24 hours or less and it is automatically signed...
>
If you don't trust Fedora, don't use Fedora.
Do you trust you mirror ?
If no, use signed rpms (if you find then).
Without signature any rpm package that claim to come from Rawhide is
suspect (even is Fedora servers are secure).
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e.
URL: <http://listman.redhat.com/archives/fedora-test-list/attachments/20040929/46e6e6e9/attachment.sig>
More information about the fedora-test-list
mailing list