On Sun, 2004-10-24 at 20:15, Ian Pilcher wrote:
Too bad rawhide updates often *are* unsigned.
And Red Hat Security never sends out e-mails about Rawhide updates
either. Basically, it come down to that you shouldn't be running Rawhide
on anything security-critical. Rather simplistic trickery such as this
you should be able to avoid anyways. Of course, getting a more automated
signing procedure in place so that Rawhide could be fully signed would
be nice. It's just really important that the signing can be done in such
a way that it actually means something, even though it's done
automatically.
All supported updates _are_ signed. People running test releases should
know what they are doing.
/Per
--
Per Bjornsson <perbj(a)stanford.edu>
Ph.D. Candidate, Department of Applied Physics, Stanford University