[packagekit] Signed packages again again

David Zeuthen david at fubar.dk
Thu Nov 15 14:26:51 PST 2007


On Thu, 2007-11-15 at 22:19 +0000, Richard Hughes wrote:
> It looks like you are not using git from the developer repo. update is
> now update-package and update-system.

I'm using the Rawhide version, sorry!

> > I'm not sure where that is codified. Maybe introduce new actions
> > 
> >  org.freedesktop.packagekit.install-unsigned
> >  org.freedesktop.packagekit.localinstall-unsigned
> > 
> > Thoughts?
> 
> Define signed. Signed by who?

Good point. Signed is a bad name and actually doesn't reflect what I mean.
I suppose what I'm after is

 org.freedesktop.packagekit.install-untrusted

where "untrusted" means that the package isn't signed by a key that the
user has decided to trust. Specifically for rpm this means that the user
hasn't done 'rpm --import <key>' for the key the package is signed with.
Specifically if the rpm isn't signed, this action will be needed. Does
that make more sense?

Probably yum legends can comment on how hard this is to check?

I don't particularly like the term "untrusted" but I suck at naming and
couldn't come up with something better. Thoughts?

      David
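
The trust check described in the message above, as an added example that is not part of the original post or of PackageKit or yum: it classifies the verbose output of `rpm -Kv` into trusted, untrusted-key, unsigned or rejected, and says when the proposed install-untrusted action would be needed. It assumes the `rpm -Kv` line layout of current rpm releases; the sample outputs, package name and key ID are constructed, and `None` stands for "no extra action", since the message names no action for the trusted case.

```python
import re

# Action name proposed in the message above.
ACTION_UNTRUSTED = "org.freedesktop.packagekit.install-untrusted"

# One result line of `rpm -Kv`, e.g. "    MD5 digest: OK"
RESULT = re.compile(r"^\s+(?P<what>.+): (?P<status>[A-Z]+)\s*$")
SIGNATURE = re.compile(r"Signature, key ID [0-9a-fA-F]+$")


def classify(rpm_kv_output):
    """Map one package's `rpm -Kv` output to (verdict, required_action)."""
    all_status, sig_status = [], []
    for line in rpm_kv_output.splitlines():
        m = RESULT.match(line)
        if not m:
            continue  # "pkg.rpm:" heading or blank line
        all_status.append(m["status"])
        if SIGNATURE.search(m["what"]):
            sig_status.append(m["status"])
    # Assumption: a failed digest/signature, an unknown status, or no results
    # at all is a broken package, which no authorization should let through.
    if not all_status or any(s not in ("OK", "NOKEY") for s in all_status):
        return ("rejected", None)
    if not sig_status:
        return ("unsigned", ACTION_UNTRUSTED)
    if "NOKEY" in sig_status:
        return ("untrusted-key", ACTION_UNTRUSTED)
    return ("trusted", None)  # every signature verified with an imported key


# Constructed samples (package name and key ID are made up).
TRUSTED = """demo-1.0-1.noarch.rpm:
    Header V4 RSA/SHA256 Signature, key ID 0123abcd: OK
    Header SHA1 digest: OK
    V4 RSA/SHA256 Signature, key ID 0123abcd: OK
    MD5 digest: OK
"""
NOKEY = TRUSTED.replace("0123abcd: OK", "0123abcd: NOKEY")
UNSIGNED = """demo-1.0-1.noarch.rpm:
    Header SHA1 digest: OK
    MD5 digest: OK
"""
TAMPERED = UNSIGNED.replace("MD5 digest: OK", "MD5 digest: BAD")

if __name__ == "__main__":
    for name in ("TRUSTED", "NOKEY", "UNSIGNED", "TAMPERED"):
        print(name, classify(globals()[name]))
```

Keeping "rejected" separate from the two untrusted verdicts means a package that fails verification is never treated as merely lacking a trusted key.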
