Comment 36 for bug 706011

@bobafett

The signatures are a nice feature for ensuring that the package is valid. It doesn't have to be totally 'secure' as it is a private internal network.

If you go back and read ALL of the comments, I think you'll note that I'm not requesting that things are made less secure, but that things are secured correctly.

If anything, this issue should be closed because it has been open for so many years and clearly pisses people off enough to create a fake account and make wild comments.