On Mon, 2004-11-01 at 14:51 -0600, Satish Balay wrote:
- Here the assumption is: EVERONE's perception about gpg-signed
rpms
(or rawhide) is the same.
No, just that a significant number of people to make us all miserable
believe it means more than "the vendor says this is the one you meant to
download".
- And perception is no excuse for proper documentaion.
But when proper documentation and perception differ, perception has
already won. I agree, we should document whatever is agreed upon. But
let's not agree on something unlike the real world's current perception.
That's just silly.
And still, proper documentation is no excuse for non-explicit data
formats.
- There will always be wrong assumptions by users. This doesn't
equate
to not signing-rawhide-packages. [And documenting it]
The proposal for signing rawhide packages does nothing to dissuade those
wrong assumptions, even though it's a relatively easy thing.
And as Matias already pointed out - lets not mix QA perception with
'signature'.
And let's not mix "signature" with "signature on one piece of data
that
makes a specific claim". We don't have the latter, and it's best not to
use the former at places where it's important for people to have the
more limited set of expectations.
--
Peter
"Traveling through hyperspace isn't like dusting crops, boy."
-- Solo