On Sat, Jul 22, 2006 at 10:55:32AM +0200, Pascal Bleser wrote: > Kunael wrote: > >> Installation and Update sources are now handled the same way, so normal > >> Installation will install also the latest security update, or the updater > >> will install new / changed dependencies of packages. > > > > Ok; indeed, it's a good reason. > > But I think this info not appears in Release Notes file. I know it's a > > minor > > change, but possibly others users don't know it (as me, of course :P) > > Maybe will be good idea to include that info in the Release Notes file. > > > >> Because it is not cryptographically signed. This means that you cannot > >> ensure that an attacker has modified it (on the ftp site) to install > >> exploits your machine or similar. > > > > �Can the packman admins signs their packages? I think packman repositories > > have prestige enough for that. I don't see any reason to don't make it. > > It's not a question of "prestige", but > > 1) it has been done 100% behind the curtain and not advertised by the > SUSE staff until it was implemented and released (and no easy > path/instructions offered to do it for 3rd party repository maintainers)
Because it was only planned and started 1 week before addition. - YUM repos are trivial to sign. - Old style YaST repos similar. Both were documented clearly and obviously on time and there is nothing actually stopping you to use it right now. http://opensuse.org/Secure_Installation_Sources So stop spreading misinformed guesses. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
