On 04/05/2013 04:27 PM, Peter Lebbing wrote: > I have no idea how Red Hat does this, but it seems unlikely to me. It's > not connected to the internet, but signs the whole repository, and each > individual security update etcetera. Is there a guy who keeps going back > and forth with a USB stick between this terminal and another?
I do not know how they do it either. I assumed that each major release, that for Red Hat occurs only about every 18 months, they do sign each and every file in the repository. They probably have an automatic way to do that. And then someone sneakernets it over to the Internet-connected machines that do the downloads to the customers. For updates, I assume they do that to each file that has been touched and carry them over to the Internet-connected servers in a batch, say once a day. But maybe they resign and carry over everything in the repository to save the trouble of figuring out which have been touched and which have not. The whole release fits on one DVD. Recall that for Red Hat Enterprise Linux, with extremely few exceptions, they do not do enhancements: those are delayed until the next major release up to 18 months later. They only do bug and security fixes (and that time-zone file change). So once a day (or whenever the regression testing is completed successfully) some clerk can do the carry over at some time, presumably late at night. _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users