Mailinglist Archive: opensuse (2831 mails)

< Previous Next >
Re: [opensuse] Why?
  • From: Pascal Bleser <pascal.bleser@xxxxxxxxx>
  • Date: Sat, 22 Jul 2006 10:55:32 +0200
  • Message-id: <44C1E804.9000205@xxxxxxxxx>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Kunael wrote:
>> Installation and Update sources are now handled the same way, so normal
>> Installation will install also the latest security update, or the updater
>> will install new / changed dependencies of packages.
>
> Ok; indeed, it's a good reason.
> But I think this info not appears in Release Notes file. I know it's a minor
> change, but possibly others users don't know it (as me, of course :P)
> Maybe will be good idea to include that info in the Release Notes file.
>
>> Because it is not cryptographically signed. This means that you cannot
>> ensure that an attacker has modified it (on the ftp site) to install
>> exploits your machine or similar.
>
> ┬┐Can the packman admins signs their packages? I think packman repositories
> have prestige enough for that. I don't see any reason to don't make it.

It's not a question of "prestige", but

1) it has been done 100% behind the curtain and not advertised by the
SUSE staff until it was implemented and released (and no easy
path/instructions offered to do it for 3rd party repository maintainers)

2) better contact the Packman team directly: packman@xxxxxxxxxxxxxx

cheers
- --
-o) Pascal Bleser http://linux01.gwdg.de/~pbleser/
/\\ <pascal.bleser@xxxxxxxxx> <guru@xxxxxxxxxxx>
_\_v The more things change, the more they stay insane.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEwegDr3NMWliFcXcRAqTyAJ4rfzx7RliZbdH0MFnXlmfFP8sRpgCfVrwC
zvHlG94tcPFsiCrzcMBnQH0=
=HSGg
-----END PGP SIGNATURE-----

---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-help@xxxxxxxxxxxx

< Previous Next >
Follow Ups