On Fri, Apr 14, 2017 at 09:38:51AM -0400, Steve Grubb wrote:
> As I said in a subsequent email, "we'll go with hashes now and
> work up to signing another day." But I really am serious that the biggest
> threat to the project is not some wild eyed MITM attack targeting a whole
> distribution. It's me. I doubt few people truly understand the impact of the
> bug that Laurent reported and why it moved me to change plans and do a quick
> release. (It was not because ausearch was segfaulting.) Again, I call for more
> testing and bug reports. I know they are in the code. I find a couple every
> day or two.
Yep, the first factor is the code. But keep in mind that signing tarballs is just 5 minutes of work per release. I see no reason why audit shouldn't do it; all other Red Hat projects do it too.
--
Linux-audit mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/linux-audit
