A proposal for Fedora updates

M. Edward (Ed) Borasky znmeb at znmeb.net
Fri Mar 27 02:19:05 UTC 2015

On Thu, Mar 26, 2015 at 4:55 PM, Bojan Smojver <bojan at rexursive.com> wrote:
> Maybe I'm misunderstanding how things work, but I think every package in
> updates-testing is signed by a human, on an "offline" machine (i.e. someone
> has to walk the RPM to it using physical media, sign it and then bring it
> back and upload it), which may be causing some of these delays. So, I was
> thinking of a more relaxed signing key, which would used directly by the
> build system after people build the packages. Virus and malware scanning at
> this point would be useful, of course, but would not catch everything -
> that's for sure.
> PS. Apologies if the above is misinformation. Going from memory here, from
> the days of that Fedora compromise a few years ago.
> --
> Bojan

Either way I'd still probably do it - when I ran Debian and Gentoo I
ran "testing" and rarely had to reinstall. I guess the Debian analogue
would be "sid?" I guess it would be a tradeoff between the new repo
and just running Rawhide, though.

OSJourno: Robust Power Tools for Digital Journalists

Remember, if you're traveling to Bactria, Hump Day is Tuesday and Thursday.

More information about the devel mailing list