-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kunael wrote:
Installation and Update sources are now handled the same way, so normal Installation will install also the latest security update, or the updater will install new / changed dependencies of packages.
Ok; indeed, it's a good reason. But I think this info not appears in Release Notes file. I know it's a minor change, but possibly others users don't know it (as me, of course :P) Maybe will be good idea to include that info in the Release Notes file.
Because it is not cryptographically signed. This means that you cannot ensure that an attacker has modified it (on the ftp site) to install exploits your machine or similar.
¿Can the packman admins signs their packages? I think packman repositories have prestige enough for that. I don't see any reason to don't make it.
It's not a question of "prestige", but
1) it has been done 100% behind the curtain and not advertised by the
SUSE staff until it was implemented and released (and no easy
path/instructions offered to do it for 3rd party repository maintainers)
2) better contact the Packman team directly: packman@links2linux.de
cheers
- --
-o) Pascal Bleser http://linux01.gwdg.de/~pbleser/
/\\