Re: freshmeat editorial about package management security issues

[jeff covey <jeff.covey@pobox.com>]

on Wed, May 10, 2000 at 10:38:24AM -0400%, Jeff Johnson said:

    JeffC> Red Hat only provides a limited subset of the software
    JeffC> available in the RPM format.

    JeffJ> Um, almost all, if not all, binary software distributed by
    JeffJ> Red Hat (I do not speak about Cygnus, yet) is in rpm
    JeffJ> package format with signatures.

It seems you're reading what you want to see instead of what I wrote.
I said that Red Hat's RPMs make up only a subset of the software which
is available in RPM packages, and that people will therefore be, of
necessity, downloading RPMs from sources other than you, possibly
overwriting your own packages, and I was asking whether issues of
security related to this are taken into account in RPM's design.

Thanks for all your help!