gpg for pseudonymous users [was: Re: gpg for anonymous users - Alternative to the web of trust?]

Jean-David Beyer jeandavid8 at verizon.net
Sat Apr 6 20:49:45 CEST 2013


On 04/06/2013 01:10 PM, Ryan Sawhill wrote:
> I wouldn't have to work at Red Hat to find your imagining of all this
> hilarious. No offense meant.

I am not offended; just ignorant of some of the details of this.
> 
> What makes the most sense: that all packages are built on a handful of
> central build servers (individual maintainers building packages?
> seriously?) on a private network and that as part of that automated
> build process, the packages are signed. And then of course yes, some
> sort of manual process to push packages out to publicly-accessible
> servers for customers.

I guess we agree here. Perhaps not on the details. So that part must not
be hilarious, is it?
> 
> Also, for the record, you're wrong about "with extremely few exceptions,
> they do not do enhancements: those are delayed until the next major
> release up to 18 months later". Most packages will stay at the same
> upstream version for the life of a RHEL major release,

Right.

> but
> feature-enhancements still happen all the time with minor releases
> (every 6 months) and sometimes even sooner. 

Well, the bug and security fixes can come out several times a day
(though that is not usual), and new RHEL kernels seem to be coming out
every month or so these days. But those are bug fixes and security
fixes. When I read their release notes on those things, they do not
describe enhancements on the kernel.

Similarly for things like postgresql, they may backport bug fixes but
they do not put in enhancements as far as I can tell.

Perhaps they enhanced Firefox, but that is not the usual thing. I notice
no enhancements for GnuCash that is quite a ways behind what other
distributions are using. They try to keep up with Java, but that is to
hope to keep up with the security failures in that.

> (Also, new major releases
> don't happen every 18 months.)
> 
I know major releases do not happen exactly every 18 months. IIRC, they
said that was their goal. I know it was over two years for one of them
to come out.


