I think a public build server will resolve many unknowns. Imagine the build server only accepts a URL to the source tar ball. That URL is associated with the compiled RPM so that download users may verify the source URL. We'll also maintain a list of domain prefixes that the build server may use to get sources. Then it won't really matter who built the RPM - the source is verified and the build environment is trusted.
Zlatko --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
