Proposal: Discourage rpmbuild --sign
Rui Miguel Seabra
rms at 1407.org
Wed Dec 31 19:19:18 UTC 2003
On Wed, 2003-12-31 at 19:02, Willem Riede wrote:
> On 2003.12.31 12:24, Rui Miguel Seabra wrote:
> While that is a good practice, is it sufficient? How do you know that the
> package you just attached your reputation to (by signing with your key)
> isn't going to trash or take over the system of any user that installs it?
Because I trust in the fellowship that develops AbiWord and from close
OF COURSE it is not sufficient, please read
to grasp how bad it _IS_POSSIBLE_ to be.
Now define a level you can live with and start reasoning from there.
OF COURSE it is not sufficient, but it's one more layer that should be
added and doesn't penalize efficiency.
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20031231/1c8f5cec/attachment-0002.bin
More information about the devel