-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday 18 December 2002 10:55 am, Steve Fox wrote: > Is there a reason that some contrib packages are left unsigned? If > Mandrake rebuilds uploaded SRPMs why aren't they then signed with the > Mandrake key?
Because Mandrake can't vouch for their integrity. The building of SRPMs is (most likely) an automated process, and obviously the source is not looked at for each revision of an app. I do however also find the errors by rpmdrake _very_ annoying. Could Mandrake perhaps include a seperate key for signing contrib apps, and give a message (but only once) that the signing only proves that the package was built by Mandrake, nothing else. WDYT? - -- Please encrypt all correspondence. PGP key available from: http://individual.utoronto.ca/noyes/snoyes.asc - -- -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iD8DBQE+AFZjgzJdfX+cTW8RAtAUAJ0RWdSyILyntWWGm/jtIWgeh2nKJwCgpXS1 oJlAmpLPUBfJUDG7HBf6J0E= =nY2K -----END PGP SIGNATURE-----
