[packagekit] Signed packages again again

David Zeuthen david at fubar.dk
Thu Nov 15 15:16:40 PST 2007

On Thu, 2007-11-15 at 23:15 +0000, Richard Hughes wrote:
> On Thu, 2007-11-15 at 18:02 -0500, David Zeuthen wrote:
> > The downside here is that in the worst case the user will see two auth
> > dialogs; one for .allow-unchecked-signature and one for the action he's
> > really trying to do. The alternative would be
> Not cool. Two auth dialogs would get me shot by walters.
> > which is a bit verbose... Thoughts?
> My point was more how do we decide which package sigs are trusted? How
> many repos don't have a foo-release.rpm file that installs the gpg
> key[1]?

None, but I'm trying to explain to the powers that be that such a thing
should be encouraged. Just read the bug report; it's basically backwards
_not_ to do it.


More information about the PackageKit mailing list