Mailinglist Archive: opensuse (3217 mails)
| < Previous | Next > |
Re: [SLE] apt: unsigned/unknown signature packages
- From: Ivan Sergio Borgonovo <mail@xxxxxxxxxxxxxxx>
- Date: Fri, 5 Mar 2004 09:55:03 +0100
- Message-id: <20040305095503.6538bb73@xxxxxxxxxxxxxxxxxxxxx>
On Thu, 4 Mar 2004 18:12:27 -0800
Joe Dufresne <nqs@xxxxxxxxxxxxxxxx> wrote:
> On Tuesday 02 March 2004 14:27, Ivan Sergio Borgonovo wrote:
> > On Tue, 2 Mar 2004 23:16:38 +0100
> >
> > Richard Bos <radoeka@xxxxxxxxx> wrote:
> > > actually all the time we used apt. The only change now is that
> > > it is being reported to you.
> > >
> > :(
> >
> > still... it has to be fixed.
> >
>
> Very well. please submit the patches to the apt4rpm project
> maintainers when you're done
Apparently you're a lazy reader but a proficient signature writer.
apt actually got fixed and this revealed we were installing not signed
packages.
What I'm asking is if all the people contributing to the unofficial
SUSE packages could sign their rpm.
I'm perfectly aware they are doing it on a voluntary base but I'd
think it is a waste of resources to do their job twice just to publish
signed packages.
I know how hard they are working cos I find hard to package the 2 or 3
software I like to keep up to date on a regular base and I do it for
myself without the responsibility of screwing some thousands other
boxes.
Nevertheless I think signing all the packages that reach SUSE apt
repositories is important and it will add just 1/1000 of the work that
all unofficial SUSE package maintainers are already doing.
oooh and this is a plea not an blame of course.
Joe Dufresne <nqs@xxxxxxxxxxxxxxxx> wrote:
> On Tuesday 02 March 2004 14:27, Ivan Sergio Borgonovo wrote:
> > On Tue, 2 Mar 2004 23:16:38 +0100
> >
> > Richard Bos <radoeka@xxxxxxxxx> wrote:
> > > actually all the time we used apt. The only change now is that
> > > it is being reported to you.
> > >
> > :(
> >
> > still... it has to be fixed.
> >
>
> Very well. please submit the patches to the apt4rpm project
> maintainers when you're done
Apparently you're a lazy reader but a proficient signature writer.
apt actually got fixed and this revealed we were installing not signed
packages.
What I'm asking is if all the people contributing to the unofficial
SUSE packages could sign their rpm.
I'm perfectly aware they are doing it on a voluntary base but I'd
think it is a waste of resources to do their job twice just to publish
signed packages.
I know how hard they are working cos I find hard to package the 2 or 3
software I like to keep up to date on a regular base and I do it for
myself without the responsibility of screwing some thousands other
boxes.
Nevertheless I think signing all the packages that reach SUSE apt
repositories is important and it will add just 1/1000 of the work that
all unofficial SUSE package maintainers are already doing.
oooh and this is a plea not an blame of course.
| < Previous | Next > |