FC3T2 up2date - <package> is not signed with a GPG signature

Wed Sep 29 14:08:07 UTC 2004

Le mer 29/09/2004 à 14:14, William Hooper a écrit :
> Matias Feliciano said:
> > Le mer 29/09/2004 Ã  03:35, William Hooper a Ã©crit :
> >
> >> Matias Feliciano said:
> >> [snip]
> >>
> >>>
> >>> rpm --addsign *.rpm. One time per day (for rawhide). I don't know if
> >>> rpm can sign in batch mode.
> >>
> >> What security will that give you?  Any hacked RPM just has to get into
> >> rawhide for 24 hours or less and it is automatically signed...
> >>
> >
> > If you don't trust Fedora, don't use Fedora.
> 
> You are side stepping the question.
> 
> [snip]
> > Without signature any rpm package that claim to come from Rawhide is
> > suspect
> 
> And with yoiur suggestion a signature just means it came from the main
> server and speaks nothing if it was actually supposed to be there.
> 
> The manual process that is used with releases is the right one.  You know
> that package is supposed to be there because a human signed it.  Rawhide
> moves to fast for that.  Rather than half-assing it and adding a
> meaningless signature, the choice is made to not sign the packages.  If
> you don't feel comfortable with that, don't use Rawhide.
> 

you miss the point again. I am not talking about QA.
My mails are signed. It not a guarantee that I use a good English :-)
This only mean that this bad mail you are currently reading is from me.
No more.

If I use my favorite mirror to grab Rawhide _from_ Red Hat® and not to
get a desktop-background package with full of porn XXXX or to help a kid
to install a rootkit on my computer because my mirror have been cracked.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message
	=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e=2E?=
Url : http://lists.fedoraproject.org/pipermail/test/attachments/20040929/1c25c46d/attachment.bin 