Mailinglist Archive: opensuse (2831 mails)

< Previous Next >
Re: [opensuse] Why?
  • From: Marcus Meissner <meissner@xxxxxxx>
  • Date: Sun, 23 Jul 2006 22:15:23 +0200
  • Message-id: <20060723201523.GA3548@xxxxxxx>
On Sat, Jul 22, 2006 at 10:55:32AM +0200, Pascal Bleser wrote:
> Kunael wrote:
> >> Installation and Update sources are now handled the same way, so normal
> >> Installation will install also the latest security update, or the updater
> >> will install new / changed dependencies of packages.
> >
> > Ok; indeed, it's a good reason.
> > But I think this info not appears in Release Notes file. I know it's a minor
> > change, but possibly others users don't know it (as me, of course :P)
> > Maybe will be good idea to include that info in the Release Notes file.
> >
> >> Because it is not cryptographically signed. This means that you cannot
> >> ensure that an attacker has modified it (on the ftp site) to install
> >> exploits your machine or similar.
> >
> > �Can the packman admins signs their packages? I think packman repositories
> > have prestige enough for that. I don't see any reason to don't make it.
> It's not a question of "prestige", but
> 1) it has been done 100% behind the curtain and not advertised by the
> SUSE staff until it was implemented and released (and no easy
> path/instructions offered to do it for 3rd party repository maintainers)

Because it was only planned and started 1 week before addition.

- YUM repos are trivial to sign.
- Old style YaST repos similar.

Both were documented clearly and obviously on time and there is nothing
actually stopping you to use it right now.

So stop spreading misinformed guesses.

Ciao, Marcus

To unsubscribe, e-mail: opensuse-unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-help@xxxxxxxxxxxx

< Previous Next >