-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Kunael wrote: >> Installation and Update sources are now handled the same way, so normal >> Installation will install also the latest security update, or the updater >> will install new / changed dependencies of packages. > > Ok; indeed, it's a good reason. > But I think this info not appears in Release Notes file. I know it's a minor > change, but possibly others users don't know it (as me, of course :P) > Maybe will be good idea to include that info in the Release Notes file. > >> Because it is not cryptographically signed. This means that you cannot >> ensure that an attacker has modified it (on the ftp site) to install >> exploits your machine or similar. > > ¿Can the packman admins signs their packages? I think packman repositories > have prestige enough for that. I don't see any reason to don't make it.
It's not a question of "prestige", but 1) it has been done 100% behind the curtain and not advertised by the SUSE staff until it was implemented and released (and no easy path/instructions offered to do it for 3rd party repository maintainers) 2) better contact the Packman team directly: [EMAIL PROTECTED] cheers - -- -o) Pascal Bleser http://linux01.gwdg.de/~pbleser/ /\\ <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> _\_v The more things change, the more they stay insane. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFEwegDr3NMWliFcXcRAqTyAJ4rfzx7RliZbdH0MFnXlmfFP8sRpgCfVrwC zvHlG94tcPFsiCrzcMBnQH0= =HSGg -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
