On Mon, 2004-11-01 at 14:51 -0600, Satish Balay wrote:
- Here the assumption is: EVERONE's perception about gpg-signed rpms
(or rawhide) is the same.
No, just that a significant number of people to make us all miserable believe it means more than "the vendor says this is the one you meant to download".
- And perception is no excuse for proper documentaion.
But when proper documentation and perception differ, perception has already won. I agree, we should document whatever is agreed upon. But let's not agree on something unlike the real world's current perception. That's just silly.
And still, proper documentation is no excuse for non-explicit data formats.
- There will always be wrong assumptions by users. This doesn't equate
to not signing-rawhide-packages. [And documenting it]
The proposal for signing rawhide packages does nothing to dissuade those wrong assumptions, even though it's a relatively easy thing.
And as Matias already pointed out - lets not mix QA perception with 'signature'.
And let's not mix "signature" with "signature on one piece of data that makes a specific claim". We don't have the latter, and it's best not to use the former at places where it's important for people to have the more limited set of expectations.