[packagekit] Signed packages again again

Richard Hughes hughsient at gmail.com
Thu Nov 15 15:03:21 PST 2007


On Thu, 2007-11-15 at 17:52 -0500, David Zeuthen wrote:
> On Thu, 2007-11-15 at 22:44 +0000, Richard Hughes wrote:
> > > Probably yum legends can comment on how hard this is to check?
> > 
> > Well, we have to check all the things it depends on; for instance if we
> > have to install an unsigned package as a dep to a signed package is that
> > unsigned or signed?
> 
> I think if just one of the packages that is part of the transaction is
> untrusted, the whole transaction would be untrusted, yes?

Currently we check for permission then run the transaction. If we have
to check for the type after we do it then we have to resolve and
get-depends for each remove or update. This is likely to be slow...

Also, how do we define trusted?

Richard.
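Added example, not part of the original message or PackageKit's code: a sketch of the ordering discussed in this thread, where the dependency closure is resolved first and the whole transaction counts as untrusted if any package in it is. It assumes "trusted" means signed by a key in a configured set; the package names, key ids and action names are constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: "trusted" = signed by a key in this set (the thread leaves this open).
TRUSTED_KEYS = {"KEY-DISTRO"}

@dataclass(frozen=True)
class Package:
    name: str
    signing_key: Optional[str] = None      # None means the package is unsigned
    depends: Tuple[str, ...] = ()

# Constructed sample repository metadata.
REPO = {p.name: p for p in (
    Package("editor", "KEY-DISTRO", ("libgui", "spell")),
    Package("libgui", "KEY-DISTRO", ("libc",)),
    Package("libc", "KEY-DISTRO"),
    Package("spell", None, ("libc",)),               # unsigned dependency
    Package("viewer", "KEY-DISTRO", ("libgui",)),
    Package("plugin", "KEY-THIRDPARTY", ("libc",)),  # signed, but key not trusted
)}

def resolve(requested, repo=REPO):
    """Return every package name the transaction would touch (requested + deps)."""
    closure, stack = set(), list(requested)
    while stack:
        name = stack.pop()
        if name in closure:
            continue
        if name not in repo:
            raise KeyError(f"unresolvable dependency: {name}")
        closure.add(name)
        stack.extend(repo[name].depends)
    return closure

def untrusted_in(requested, repo=REPO, trusted_keys=TRUSTED_KEYS):
    """Packages in the resolved transaction that are unsigned or signed by an unknown key."""
    return sorted(n for n in resolve(requested, repo)
                  if repo[n].signing_key not in trusted_keys)

def required_action(requested):
    """Choose the authorization to request BEFORE the transaction runs.
    The action names are hypothetical placeholders."""
    return "install-untrusted" if untrusted_in(requested) else "install-trusted"

if __name__ == "__main__":
    for req in (["viewer"], ["editor"], ["plugin"]):
        print(req, required_action(req), untrusted_in(req))
```

The cost Richard points to is visible in `resolve()`: the full dependency walk has to happen before the permission check can pick an action.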




