Mailinglist Archive: opensuse (2831 mails)

Re: [opensuse] Why?
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Sun, 23 Jul 2006 22:15:23 +0200
  • Message-id: <20060723201523.GA3548@xxxxxxx>
On Sat, Jul 22, 2006 at 10:55:32AM +0200, Pascal Bleser wrote:
> Kunael wrote:
> >> Installation and Update sources are now handled the same way, so normal
> >> Installation will install also the latest security update, or the updater
> >> will install new / changed dependencies of packages.
> >
> > Ok; indeed, it's a good reason.
> > But I think this info does not appear in the Release Notes file. I know it's a
> > minor change, but possibly other users don't know it (like me, of course :P).
> > Maybe it would be a good idea to include that info in the Release Notes file.
> >
> >> Because it is not cryptographically signed. This means that you cannot
> >> ensure that an attacker has modified it (on the ftp site) to install
> >> exploits on your machine or similar.
> >
> > Can the packman admins sign their packages? I think packman repositories
> > have prestige enough for that. I don't see any reason not to do it.
>
> It's not a question of "prestige", but
>
> 1) it has been done 100% behind the curtain and not advertised by the
> SUSE staff until it was implemented and released (and no easy
> path/instructions offered to do it for 3rd party repository maintainers)

Because it was only planned and started 1 week before addition.

- YUM repos are trivial to sign.
- Old style YaST repos similar.

Both were documented clearly and obviously on time and there is nothing
actually stopping you from using it right now.

http://opensuse.org/Secure_Installation_Sources

So stop spreading misinformed guesses.

Ciao, Marcus
