Tom Horsley wrote: > I'm sure it takes many hours to do the full check for everything, > but something puts new packages in the repo. Simple checks for the > obvious dumb stuff like wrong sig seem like it ought to be possible > for each package at the time it is merged into the repo. True. Some of that lack is just due to not enough hours in the day of the folks that are doing the work to put the distro together. Jesse Keating is working on a signing server tool that is intended to help spread the work load (securely) so that a few more folks can help out in some aspects. That will hopefully free up time to work on other integration issues and checks. -- Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Curiosity killed the cat, but for awhile I was a suspect. -- Steven Wright
Attachment:
pgpfSKXsKQlwK.pgp
Description: PGP signature