If the packages in Rawhide are not signed aren't rawhide users vulnerable to man-in-the-middle attacks?
Worse it also allows mirrors to send out malicious packages to certain users, as the package will not be checked by the end user? I really think all the packages in Rawhide should be signed before being pushed out the end user. -- devel mailing list devel@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
