Hi,

On Friday, September 02, 2005 at 14:03:30, Zlatko Michailov wrote:

> I think a public build server will resolve many unknowns. Imagine the build
> server only accepts a URL to the source tarball. That URL is associated
> with the compiled RPM so that download users may verify the source URL.
> We'll also maintain a list of domain prefixes that the build server may use
> to get sources. Then it won't really matter who built the RPM - the source
> is verified and the build environment is trusted.

The spec is not. And imho the first intrusion point for not trustworthy
code is the spec file. You can do all kinds of nasty things with RPM
trigger scripts because you usually install them as root. So we need a
trust system for the Packager as well. With the current repos it is the
gpg key from the packager. But gpg is a bit hard to understand and
handle for the "normal" user who just wants a package. The first thing I
always see with, for instance, apt4rpm users is that they disable gpg
checking...

Henne

-- 
Henne Vogelsang,      http://hennevogel.de
"Rules change. The Game remains the same."
                                    - Omar
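
An added example, not part of the original message: a small reviewer aid that pulls every scriptlet and trigger section out of a spec file so the code that rpm would run as root at install time can be read before the package is built or trusted. The section-name lists and the sample spec are assumptions constructed for illustration.

```python
import re

# Scriptlet/trigger sections that rpm executes at install or erase time.
SCRIPTLETS = ("pretrans", "posttrans", "preun", "postun", "pre", "post",
              "triggerprein", "triggerin", "triggerun", "triggerpostun",
              "trigger", "verifyscript")
# Other section headers; any of these ends a scriptlet body.
OTHER = ("description", "package", "prep", "build", "install", "check",
         "clean", "files", "changelog")

SCRIPT_RE = re.compile(r"^%(" + "|".join(SCRIPTLETS) + r")\b(.*)$")
OTHER_RE = re.compile(r"^%(" + "|".join(OTHER) + r")\b")


def extract_scriptlets(spec_text):
    """Return [(section, args, body)] for every scriptlet/trigger in a spec."""
    found, current = [], None
    for line in spec_text.splitlines():
        m = SCRIPT_RE.match(line)
        if m:  # e.g. "%post", "%post -p /sbin/ldconfig", "%triggerin -- pkg"
            current = [m.group(1), m.group(2).strip(), []]
            found.append(current)
        elif OTHER_RE.match(line):  # "%prep", "%files", ... close the body
            current = None
        elif current is not None:  # macros such as %{_bindir} stay in the body
            current[2].append(line)
    return [(name, args, "\n".join(body).strip()) for name, args, body in found]


# Constructed sample spec (not from any real package).
SAMPLE_SPEC = """\
Name: example
%description
Example package.
%prep
%setup -q
%install
make install DESTDIR=%{buildroot}
%post
/sbin/ldconfig
%triggerin -- otherpkg
echo "otherpkg changed" >> %{_localstatedir}/log/example.log
%files
%{_bindir}/example
"""

if __name__ == "__main__":
    for name, args, body in extract_scriptlets(SAMPLE_SPEC):
        print(f"== %{name} {args}\n{body}\n")
```

For an already built package, `rpm -qp --scripts --triggers package.rpm` shows the same sections without installing it.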
