On Thu, 4 Nov 2004, Peter Jones wrote:
> My model is that the signature is more than just a gpg signature. Conceptually, it's a signature on a certificate with data that specifies exactly which ways the package may be trusted. One could actually implement it that way, which I think we should, but it's some significant effort.
Yeah - but we don't have that right now. The thing we are debating is - why signing 'rawhide' with gpg key is wrong.
> The specific proposal here was that when you *don't* mean the things that people infer from a signed package, don't sign the package.
You mean Axel, Dag shouldn't sign the packages they distribute (because that would imply it's equally trustworthy as redhat-certified).
And according to your model - if I were to distribute signed/unsigned packages - the expectation for unsigned is different (can eat data) - but signed is different (extremely stable).
The question is: How does your user know that the package I distributed is signed with a gpg-key?
Satish