[asdf-install-devel] Re: [cclan-list] ASDF-Install patch to allow installation of unsigned packages
Andreas Fuchs
asf at boinkor.net
Thu May 24 16:03:01 UTC 2007
Todd wrote:
> I don't claim to be an expert on asdf-install, but this (allowing to
> install unsigned packages) seems directly counter to the spirit of it.
I'd like to second this. I suggest that instead of circumventing
asdf-install's already pretty thin layer of security features, it might
be more useful to promote mechanisms that ensure these features are not
forgotten by developers. (Shameless self-promotion: CLAPPA, which is due
to launch in a few weeks, disallows adding a package that isn't validly
signed by a known key; these keys can be downloaded from the clappa
service itself.)
Cheers,
--
Andreas Fuchs, (http://|im:asf@|mailto:asf@)boinkor.net, antifuchs
More information about the asdf-install-devel
mailing list