[packagekit] Signed packages again again
Richard Hughes
hughsient at gmail.com
Thu Nov 15 14:44:00 PST 2007
On Thu, 2007-11-15 at 17:26 -0500, David Zeuthen wrote:
> On Thu, 2007-11-15 at 22:19 +0000, Richard Hughes wrote:
> > It looks like you are not using git from the developer repo. update is
> > now update-package and update-system.
>
> I'm using the Rawhide version, sorry!
Pahh, newbie. :-)
> > > I'm not sure where that is codified. Maybe introduce new actions
> > >
> > > org.freedesktop.packagekit.install-unsigned
> > > org.freedesktop.packagekit.localinstall-unsigned
> > >
> > > Thoughts?
> >
> > Define signed. Signed by who?
>
> Good point. Signed is a bad name and actually doesn't reflect what I mean.
> I suppose what I'm after is
>
> org.freedesktop.packagekit.install-untrusted
>
> where "untrusted" means that the package isn't signed by a key that the
> user has decided to trust. Specifically for rpm this means that the user
> hasn't done 'rpm --import <key>' for the key the package is signed with.
> Specifically if the rpm isn't signed, this action will be needed. Does
> that make more sense?
Sure, that makes more sense.
> Probably yum legends can comment on how hard this is to check?
Well, we have to check all the things it depends on; for instance if we
have to install an unsigned package as a dep to a signed package, is that
unsigned or signed?
> I don't particularly like the term "untrusted" but I suck at naming and
> couldn't come up with something better. Thoughts?
Trusted is better than signed, I guess.
Richard.
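
The dependency question raised in this message, as an added example that is not part of the original e-mail or of PackageKit/yum code: it walks the dependency closure of a request and reports every package that is unsigned or signed by a key that has not been imported, which is the "untrusted" meaning proposed in the thread. The rule that one untrusted dependency makes the whole transaction need `install-untrusted`, and all package names, key IDs and data structures, are assumptions for illustration.

```python
"""Constructed example: does a transaction need the proposed
org.freedesktop.packagekit.install-untrusted action? Not PackageKit code."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Package:
    name: str
    key_id: Optional[str]      # signing key ID, None if the package is unsigned
    requires: tuple = ()       # names of packages this one depends on


def untrusted_in_closure(requested, available, imported_keys):
    """Return the sorted names of all packages in the dependency closure of
    `requested` that are unsigned, signed by a key not in `imported_keys`,
    or cannot be resolved at all (fail closed).
    Assumption: any such package makes the whole transaction untrusted."""
    seen, untrusted, stack = set(), set(), list(requested)
    while stack:
        name = stack.pop()
        if name in seen:       # shared or circular dependency, already checked
            continue
        seen.add(name)
        pkg = available.get(name)
        if pkg is None or pkg.key_id is None or pkg.key_id not in imported_keys:
            untrusted.add(name)
        if pkg is not None:
            stack.extend(pkg.requires)
    return sorted(untrusted)


def needs_untrusted_action(requested, available, imported_keys):
    return bool(untrusted_in_closure(requested, available, imported_keys))


# Constructed sample data: key IDs and package names are made up.
IMPORTED = {"KEY-DISTRO"}          # stands in for keys added with rpm --import
REPO = {p.name: p for p in [
    Package("editor", "KEY-DISTRO", ("libfoo", "libbar")),
    Package("libfoo", "KEY-DISTRO", ("libbar",)),
    Package("libbar", None),                         # unsigned dependency
    Package("tool", "KEY-THIRDPARTY"),               # signed, key not imported
    Package("viewer", "KEY-DISTRO", ("libview",)),
    Package("libview", "KEY-DISTRO", ("viewer",)),   # circular, all trusted
]}

if __name__ == "__main__":
    for req in (["editor"], ["tool"], ["viewer"]):
        print(req, untrusted_in_closure(req, REPO, IMPORTED))
```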