On 9/2/06, Jonas Karlsson <[EMAIL PROTECTED]> wrote:
On Sat, 02 Sep 2006 23:44:52 +0200, André Detsch <[EMAIL PROTECTED]> wrote:
> Although signature support is really relevant, most of our binary
> packages still don't have correct signatures. So, it look like to me
> we are 'crying wolf' at this time, and, in the future, when we got to
> have all our packages signed, the user may look to a signature error
> from a package that _was_ hacked and think "Oh that's normal. All I
> have to do is to force the installation.".
>
More things to add to this is that there's a bug in the current release,
making VerifyProgram die on _all_ packages. This is correted in CVS.
I'm mostly offline right now (hopefully this will get fixed in the
next few days), but if you guys want to pack a new release of Scripts,
I say go ahead. I think André can pack and release them from current
CVS easily.
-- Hisham
_______________________________________________
gobolinux-devel mailing list
gobolinux-devel@lists.gobolinux.org
http://lists.gobolinux.org/mailman/listinfo/gobolinux-devel
