[packagekit] Signed packages again again

David Zeuthen david at fubar.dk
Thu Nov 15 14:52:37 PST 2007


On Thu, 2007-11-15 at 22:44 +0000, Richard Hughes wrote:
> > Probably yum legends can comment on how hard this is to check?
> 
> Well, we have to check all the things it depends on; for instance if we
> have to install an unsigned package as a dep to a signed package is that
> unsigned or signed?

I think if just one of the packages that is part of the transaction is
untrusted, the whole transaction would be untrusted, yes?

     David





More information about the PackageKit mailing list