rnorwood at redhat.com
Mon Apr 14 09:52:27 PDT 2008
On Mon, 14 Apr 2008 11:58:49 -0400
Jesse Keating <jkeating at redhat.com> wrote:
> On Mon, 2008-04-14 at 15:46 +0100, Richard Hughes wrote:
> > Well, some packagers don't sign their packages (myself as an
> > example) although that might be a good way to start enforcing
> > people like me to!
> Rawhide will continually have unsigned packages until we get a signing
> server in place. Developer done scratch builds may too. Requiring
> gpg signed (and then client imported) packages for everything seems a
> bit... much. This is why yum has the config option and cli flag to
> not care about gpg.
I agree. I think that we should allow the user to install
non-gpg-signed packages, but require the root password each time. For
signed, trusted packages, we should give the option to keep the
Red Hat, Inc.
"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching
More information about the PackageKit