How are Fedora RPM packagess verified in RPMFusion buildsys?
Till Maas
opensource at till.name
Wed Jan 13 23:23:50 CET 2010
On Wed, Jan 13, 2010 at 08:19:21AM -0600, Rex Dieter wrote:
> mock typically does not verify keys (making the assumption that the
> repos used internally are generally trusted implicitly).
Afaik, the default configuration of mock is to use it only on machines
very trustworthy people have access (i.e. anyone can acquire root) and
use it only to build throw-away or test packages, that are not intended
to be used on systems with security sensitive data. The default
configuration does not use any internal repos, but the default Fedora
repositories.
Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.rpmfusion.org/pipermail/rpmfusion-developers/attachments/20100113/91176538/attachment.bin
More information about the rpmfusion-developers
mailing list