[packagekit] Signed packages again again

Richard Hughes hughsient at gmail.com
Thu Nov 15 15:15:43 PST 2007


On Thu, 2007-11-15 at 18:02 -0500, David Zeuthen wrote:
> The downside here is that in the worst case the user will see two auth
> dialogs; one for .allow-unchecked-signature and one for the action he's
> really trying to do. The alternative would be

Not cool. Two auth dialogs would get me shot by walters.

> which is a bit verbose... Thoughts?

My point was more how do we decide which package sigs are trusted? How
many repos don't have a foo-release.rpm file that installs the gpg
key[1]?

Richard

[1] exclude utopia because I'm lazy




More information about the PackageKit mailing list