I also think signed packages is amongst nowadays best practices... ... what if some people got hacked packages without Slim Devices knowing their repository had been hacked... ? With a key signing, people would complain really quick that there is something strange, and everything would go back to normal real quick, without anyone being annoyed by a harmful program...
Getting an additionnal checking like this cannot harm Slim Devices reputation... that would rather be the opposite... on the other hand, typing "yes" each time I upgrade SlimServer, and having tons and tons of notification from my system reminding me I got unsigned packages (I coul deactivate it, but this is some part of maintenance automatisation I set up on all my vservers, and I'm too lazy and unorganized to start doing things too much differently amongst them) really got on my nerves, which made me go back to old-rusty-outdated (but at least signed) Etch's SlimServer 6.3... Please sign your linux packages (deb and rpm... and the rest if there is) ! Please... Giving us access to well-formed repositories is yet really good. Thanks for caring about us, but don't stop halfways... PS : sorry for my english, which may be quite rusty... -- Aefron ------------------------------------------------------------------------ Aefron's Profile: http://forums.slimdevices.com/member.php?userid=1777 View this thread: http://forums.slimdevices.com/showthread.php?t=39374 _______________________________________________ beta mailing list [email protected] http://lists.slimdevices.com/lists/listinfo/beta
