[packagekit] Signed packages again again
Richard Hughes
hughsient at gmail.com
Thu Nov 15 15:15:43 PST 2007
On Thu, 2007-11-15 at 18:02 -0500, David Zeuthen wrote:
> The downside here is that in the worst case the user will see two auth
> dialogs; one for .allow-unchecked-signature and one for the action he's
> really trying to do. The alternative would be
Not cool. Two auth dialogs would get me shot by walters.
> which is a bit verbose... Thoughts?
My point was more how do we decide which package sigs are trusted? How
many repos don't have a foo-release.rpm file that installs the gpg
key[1]?
Richard
[1] exclude utopia because I'm lazy
More information about the PackageKit
mailing list