Package XYZ is not signed
nodata
lsof at nodata.co.uk
Sun Oct 28 17:22:07 UTC 2007
Am Donnerstag, den 25.10.2007, 22:51 -0400 schrieb Will Woods:
> This has been discussed a bunch of times already. Rawhide packages
> aren't signed. This is intentional.
That's nice. So I'll stop testing rawhide now because I don't know where
the packages are from. Conveniently jumping off and on the security
bandwagon at different stages in the release is a bit churlish.
It only takes one malicious unsigned package to be installed for the box
to be compromised, and nothing will protect against that.
Come on though, we have auto-signing now, what was the killer reason for
unsigned rpms?
More information about the devel
mailing list