From: Daniel Veillard (Daniel.Veillard@w3.org)
Date: Mon Dec 18 2000 - 08:41:26 EST
On Mon, Dec 18, 2000 at 08:25:11AM -0500, Dug Song wrote:
> On Mon, Dec 18, 2000 at 02:08:06PM +0100, Daniel Veillard wrote:
>
> > I understand that people should be aware that downloading packages (source
> > or binary it doesn't matter !), they should verify they have not been
> > trojaned, but without PGP or associed signature in place there is no
> > way to check. I am trying to build an infrastructure that would allow to
> > also lookup easilly PGP and GPG keys for the authors. I understand that
> > people should be warned.
>
> yes, this was simply my intent, and i added the note in typing the
> page up quickly without thinking. i've since removed it, as it does
> indeed connote a level of distrust well beyond anything warranted or
> intended.
-----------
(see rpmfind.net for binary RPMs, which you should always check with rpm --checksig).
-----------
Fantastic !
> > should not install RPMs blindly, then the useful message to carry is to
> > tell people to have their distribution key installed and simply check
> > the packages with rpm --checksig, this have weight and this is
> > useful !
>
> i will gladly add this. thank you for your feedback, and i apologize
> for the brief misrepresentation of your unique and essential service.
Sorry I overreacted, ... Thanks for the prompt change !
yours,
Daniel
-- Daniel.Veillard@w3.org | W3C, INRIA Rhone-Alpes | libxml Gnome XML toolkit Tel : +33 476 615 257 | 655, avenue de l'Europe | http://xmlsoft.org/ Fax : +33 476 615 207 | 38330 Montbonnot FRANCE | Rpmfind search site http://www.w3.org/People/all#veillard%40w3.org | http://rpmfind.net/
This archive was generated by hypermail 2b29 : Thu May 10 2001 - 18:40:13 EDT