On Thu, Mar 26, 2015 at 4:55 PM, Bojan Smojver <bojan(a)rexursive.com> wrote:
Maybe I'm misunderstanding how things work, but I think every
package in
updates-testing is signed by a human, on an "offline" machine (i.e. someone
has to walk the RPM to it using physical media, sign it and then bring it
back and upload it), which may be causing some of these delays. So, I was
thinking of a more relaxed signing key, which would used directly by the
build system after people build the packages. Virus and malware scanning at
this point would be useful, of course, but would not catch everything -
that's for sure.
PS. Apologies if the above is misinformation. Going from memory here, from
the days of that Fedora compromise a few years ago.
--
Bojan
Either way I'd still probably do it - when I ran Debian and Gentoo I
ran "testing" and rarely had to reinstall. I guess the Debian analogue
would be "sid?" I guess it would be a tradeoff between the new repo
and just running Rawhide, though.
--
OSJourno: Robust Power Tools for Digital Journalists
http://www.znmeb.mobi/stories/osjourno-robust-power-tools-for-digital-jou...
Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.