Leif Nixon wrote:
> Could someone explain the rationale for not having signed RPM
> packages?
Deployment of unsigned rpms is (much) easier... See below.
> For example, I just realized our CA packages are unsigned and
> automatically updated over an insecure channel at predictable times.
> This is... less than satisfactory.
Indeed, and that is why this matter should become a priority.
Please open a bug about it.
|