Re: RPM security (a newbie question)

• To: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
• Subject: Re: RPM security (a newbie question)
• From: Rahul Sundaram <sundaram@xxxxxxxxxxxxxxxxx>
• Date: Thu, 02 Apr 2009 16:40:04 +0530
• In-reply-to: <49D497F5.7080202@xxxxxxxxxxxxxxxxxxxxx>
• Organization: Red Hat
• References: <49D3E381.7090006@xxxxxxxxxxxxxxxxxxxxx> <20090401230648.GA17880@xxxxxxxxxxxxxxxxxxxxxxx> <49D497F5.7080202@xxxxxxxxxxxxxxxxxxxxx>
• Reply-to: "Community assistance, encouragement, and advice for using Fedora." <fedora-list@xxxxxxxxxx>
• User-agent: Thunderbird 2.0.0.21 (X11/20090320)

Stanisław T. Findeisen wrote:

> Really? Have you seen a list telling you who reviewed which package
> before it got signed with Fedora key?
> 
> Probably there are lots of packages reviewed by their authors only?

Review and signing are two different processes. Every single new package
has to go through a review process as outlined in

http://fedoraproject.org/wiki/Packaging/ReviewGuidelines

Signing a package is done by a small number of people in the release
engineering team and they do that manually before pushing it into the
repositories.

Rahul

-- 
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines

• Follow-Ups:
  • Re: RPM security (a newbie question)
    • From: "Stanisław T. Findeisen"

• References:
  • RPM security (a newbie question)
    • From: "Stanisław T. Findeisen"
  • Re: RPM security (a newbie question)
    • From: Todd Zullinger
  • Re: RPM security (a newbie question)
    • From: "Stanisław T. Findeisen"

• Prev by Date: Re: RPM security (a newbie question)
• Next by Date: Re: qgtkstyle on qt4
• Previous by thread: Re: RPM security (a newbie question)
• Next by thread: Re: RPM security (a newbie question)
• Index(es):
  • Date
  • Thread