Re: Whom should I put my trust?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, 2003-11-24 at 16:12, Timothy Ha wrote:
> Thank you!
> 
> I still have some questions (not doubts): With thrilling stories like 
> someone break into Linux kernel source, how do you guarant the quality 
> of the repositories? Security updates, system tools and so on are there.

I can only speak for the processes at fedora.us. 

Each package there has a maintainer who is responsible for keeping up to
date with updates/fixes to that package, although anyone can open a bug
in bugzilla if they note a needed update.

As for security of the packages themselves, fedora.us has a QA process
that requires sources to be verified vs upstream, and all packages must
be signed. 

Take a look at:
http://www.fedora.us/wiki/PackageSubmissionQAPolicy
if you'd like a more detailed look at the QA process

and please check out:
http://www.fedora.us/QA
to see the process in action, and perhaps help a little

> Will Redhat be some guarantee to all these things?

No, redhat can not be responsible for the actions of independent
repositories.


Phil




[Index of Archives]     [Current Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Yosemite News]     [Yosemite Photos]     [KDE Users]     [Fedora Tools]     [Fedora Docs]

  Powered by Linux