warning to list

Jim Martin bavinic at comcast.net
Mon Oct 25 15:20:51 UTC 2004 

Matias Féliciano wrote:

>Le lundi 25 octobre 2004 à 14:46 -0400, Ricardo Veguilla a écrit :
>  
>
>>On Mon, 2004-10-25 at 19:42 +0200, Matias Féliciano wrote:
>>
>>    
>>
>>>Let me try to summarise  (in my bad English).
>>>
>>>It's up to me to decide to use a beta for a mission critical computer.
>>>Right now, for my personal computer, I feel the risk is pay back because
>>>this improve (I hope:-)) Fedora (and RHEL in a long run). And also
>>>because I like enjoying with the latest technology.
>>>
>>>By not signing their rpm in rawhide, Red Hat "force" me to take risk
>>>(fake rpm, ...) for _nothing_. I don't want to take these risks.
>>>
>>>      
>>>
>>I can't believe you are making this argument.*You* "forced" yourself
>>when *you* decided to use an unsupported beta. I mean you said it
>>yourself:
>>
>>"It's up to me to decide to use a beta for a mission critical computer.
>>Right now, for my personal computer, I feel the risk is pay back..."
>>
>>If you don't want to take those risks, then you shouldn't be using
>>fedora rawhide. 
>>
>>    
>>
>
>Well, you are right. But, some times rpm are signed, some times they are
>not, all rpm are signed when it's a full test release (FC3T1,
>FC3T2, ...), rpm packages for BETA RHEL are signed, ...
>
>Right now there are 4 packages not signed :
>gtk2-2.4.13-3.i386.rpm
>gtk2-devel-2.4.13-3.i386.rpm
>fedora-release-3-rawhide.noarch.rpm
>rpmdb-fedora-3-0.20041025.i386.rpm
>
>The problem is if not all packages are signed, I can't use "gpgcheck=1"
>with yum.
>Some time ago, there was over 600 (!) package not signed (more than 1
>Go).
>If Red Hat don't want to sign their package, than they should not sign
>any packages at all and state this in fedora.redhat.com site to make it
>clear.
>
>Perhaps I will not be a beta tester any more since beta tester seem to
>imply "suffer with potential trojan, cracked packages, ...". Things that
>obviously Red Hat don't care about for Fedora but only for RHEL.
>  
>
I've been staying out of this thread, more or less because I find the 
whole thing to be pointless, but now I have to say, maybe you should not 
be running any test version, go with a released version and you will be 
happy.
this is a TEST version, which means there are going to be many packages 
released, and updated on a daily basis ( for the most part) some will be 
signed, some will not. as a tester, this is something you should already 
know.
Also if you are a tester, than you should also know that you should run 
a test version as your primary OS, that is just plain stupid, unless you 
are willing to accept the problems that WILL come with running a test 
version.

As far as the orignal topic of this post, I would really hope that no 
one was fooled by this, I never would have believed it.

BaVinic

More information about the test mailing list