[packagekit] Signed packages again again

Richard Hughes hughsient at gmail.com
Thu Nov 15 15:32:29 PST 2007

On Thu, 2007-11-15 at 18:25 -0500, David Zeuthen wrote:
> On Thu, 2007-11-15 at 18:19 -0500, David Zeuthen wrote:
> > PK can of course just say "not our problem, we only want to install
> > trusted packages, get the repo to sign the packages and make sure
> the
> > GPG keys are installed (= trusted)" but then PK is just not going to
> be
> > useful to a lot of people.... Just look at how often stable Fedora
> > updates repos ship unsigned packages... 
> Or maybe we can punt this; I mean, thinking more about it.. it is a
> special case and this can be added later... yes?

Well, I'm not sure it's super important to add now, although it
something that needs looking into, maybe from a more generic abstraction
point of view. The item in the TODO is still there. ;-)


More information about the PackageKit mailing list