Am Donnerstag, den 25.10.2007, 22:51 -0400 schrieb Will Woods:
This has been discussed a bunch of times already. Rawhide packages
aren't signed. This is intentional.
That's nice. So I'll stop testing rawhide now because I don't know where
the packages are from. Conveniently jumping off and on the security
bandwagon at different stages in the release is a bit churlish.
It only takes one malicious unsigned package to be installed for the box
to be compromised, and nothing will protect against that.
Come on though, we have auto-signing now, what was the killer reason for
unsigned rpms?