On Sat, Jul 22, 2006 at 10:55:32AM +0200, Pascal Bleser wrote:
Kunael wrote:
Installation and Update sources are now handled the same way, so normal Installation will install also the latest security update, or the updater will install new / changed dependencies of packages.
Ok; indeed, it's a good reason. But I think this info not appears in Release Notes file. I know it's a minor change, but possibly others users don't know it (as me, of course :P) Maybe will be good idea to include that info in the Release Notes file.
Because it is not cryptographically signed. This means that you cannot ensure that an attacker has modified it (on the ftp site) to install exploits your machine or similar.
�Can the packman admins signs their packages? I think packman repositories have prestige enough for that. I don't see any reason to don't make it.
It's not a question of "prestige", but
1) it has been done 100% behind the curtain and not advertised by the SUSE staff until it was implemented and released (and no easy path/instructions offered to do it for 3rd party repository maintainers)
Because it was only planned and started 1 week before addition. - YUM repos are trivial to sign. - Old style YaST repos similar. Both were documented clearly and obviously on time and there is nothing actually stopping you to use it right now. http://opensuse.org/Secure_Installation_Sources So stop spreading misinformed guesses. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-unsubscribe@opensuse.org For additional commands, e-mail: opensuse-help@opensuse.org