[packagekit] Signed packages again again
Robin Norwood
rnorwood at redhat.com
Fri Nov 16 06:36:01 PST 2007
Richard Hughes <hughsient at gmail.com> writes:
> On Thu, 2007-11-15 at 18:17 -0500, Matthias Clasen wrote:
>> In the use-cases PK is designed for, all updates should be "trusted", no ?
>
> This is what I'm thinking also. If the user has installed a bad repo
> file then I think we've lost already.
Well, lost as in we need to provide a useful error message - "Repository
foo is providing package bar, which is not signed with trusted
signature.
<link to more info>
<remove repository> <cancel>
"
-RN
--
Robin Norwood
Red Hat, Inc.
"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching
More information about the PackageKit
mailing list