Proposal: Discourage rpmbuild --sign

Rui Miguel Seabra rms at
Wed Dec 31 19:19:18 UTC 2003

On Wed, 2003-12-31 at 19:02, Willem Riede wrote:
> On 2003.12.31 12:24, Rui Miguel Seabra wrote:
> While that is a good practice, is it sufficient? How do you know that the 
> package you just attached your reputation to (by signing with your key)
> isn't going to trash or take over the system of any user that installs it?

Because I trust in the fellowship that develops AbiWord and from close

OF COURSE it is not sufficient, please read

to grasp how bad it _IS_POSSIBLE_ to be.

Now define a level you can live with and start reasoning from there.

OF COURSE it is not sufficient, but it's one more layer that should be
added and doesn't penalize efficiency.


+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?

Please AVOID sending me WORD, EXCEL or POWERPOINT attachments.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : 

More information about the devel mailing list