On Fri, Sep 20, 2013 at 11:04:24PM -0700, Joe Rauch wrote:
I read the comments in
and it looks like the bug might have been at least partially fixed by
a gentleman by the name of Will Woods. Confirmation of this resolution
would be handy in marketing Fedora as secure. If it is indeed fixed,
then the warning on the Fedup page (http://fedoraproject.org/wiki/FedUp
should be removed as it might alarm people.
So, reading this - it seems that Will is saying that verifying the
server is not needed. The packages are signed - and if they are good, it
doesn't really matter if the server is what it says it is. Make sense?
You care about the packages, not the source of the packages (in this
I am interested in what the rest of the group has to say about this.
That's how I interpret it - but, at any rate, I think this is something
that should be followed up on devel rather than marketing.
Joe Brockmeier | Open Source and Standards, Red Hat
jzb(a)redhat.com | http://community.redhat.com/
Twitter: @jzb | http://dissociatedpress.net/