On Tue, 2004-10-26 at 15:13 +0200, nodata wrote:
This has been discussed over and over, so look at the archives. Basically it boils down to the Rawhide RPMs being automatically generated when there isn't always someone around to sign them. Since the whole point of Rawhide is to get new bits out the door the choice is made not to hold them for a live body to sign them.
Then perhaps rawhide should be signed with a separate key that signs the packages without a live body.
If this is done then it severely reduces the relevance of having them signed in the first place.
My understanding is that, when a package is "signed" by redhat, a human steps up to the plate, does certain verifications, then puts in the pass phrase, and hey presto you have a signed package.
Your suggestion automates the whole process, and drastically reduces the security model.
Personally, I am 100% happy for the sandpit to continue to be unsigned, so long as test/released packages are signed, I am happy.
To me, rawhide is only half a step away from CVS, should the CVS access (once made public) also have every thing GPG signed?
Doug