On Mon, 2003-11-24 at 16:12, Timothy Ha wrote: > Thank you! > > I still have some questions (not doubts): With thrilling stories like > someone break into Linux kernel source, how do you guarant the quality > of the repositories? Security updates, system tools and so on are there. I can only speak for the processes at fedora.us. Each package there has a maintainer who is responsible for keeping up to date with updates/fixes to that package, although anyone can open a bug in bugzilla if they note a needed update. As for security of the packages themselves, fedora.us has a QA process that requires sources to be verified vs upstream, and all packages must be signed. Take a look at: http://www.fedora.us/wiki/PackageSubmissionQAPolicy if you'd like a more detailed look at the QA process and please check out: http://www.fedora.us/QA to see the process in action, and perhaps help a little > Will Redhat be some guarantee to all these things? No, redhat can not be responsible for the actions of independent repositories. Phil
