[packagekit] Signed packages again again

Richard Hughes hughsient at gmail.com
Thu Nov 15 14:44:00 PST 2007

On Thu, 2007-11-15 at 17:26 -0500, David Zeuthen wrote:
> On Thu, 2007-11-15 at 22:19 +0000, Richard Hughes wrote:
> > It looks like you are not using git from the developer repo. update is
> > now update-package and update-system.
> I'm using the Rawhide version, sorry!

Pahh, newbie. :-)

> > > I'm not sure where that is codified. Maybe introduce new actions
> > > 
> > >  org.freedesktop.packagekit.install-unsigned
> > >  org.freedesktop.packagekit.localinstall-unsigned
> > > 
> > > Thoughts?
> > 
> > Define signed. Signed by who?
> Good point. Signed is a bad name and actually don't reflect what I mean.
> I suppose what I'm after is
>  org.freedesktop.packagekit.install-untrusted
> where "untrusted" means that the package isn't signed by a key that the
> user has decided to trust. Specifically for rpm this means that the user
> hasn't done 'rpm --import <key>' for the key the package is signed with.
> Specifically if the rpm isn't signed, this action will be needed. Does
> that make more sense?

Sure, that makes more sense.

> Probably yum legends can comment on how hard this is to check?

Well, we have to check all the things it depends on; for instance if we
have to install an unsigned package as a dep to a signed package is that
unsigned or signed?

> I don't particular like the term "untrusted" but I suck at naming and
> couldn't come up with something better. Thoughts?

Trusted is better than signed i guess.


More information about the PackageKit mailing list