[packagekit] GPG keys

Robin Norwood rnorwood at redhat.com
Thu Oct 4 12:48:04 PDT 2007


Richard Hughes <hughsient at gmail.com> writes:

> On Thu, 2007-10-04 at 15:10 -0400, Robin Norwood wrote:
>> Just checked in a first try at the RepoSignatureRequired signal.  Only
>> supported in the dummy backend until I figure out how to do it for the
>> yum one.
>> 
>> Also, comments + flames appreciated.
>
> Looks good to me. We still need to work out the UI text for this, ideas
> welcome. Thanks!

First try:

"""
Signed Packages

You are installing software packages which include a cryptographic
signature.  This signature is intended to ensure that software installed
on your system is from a trusted source, and has not been tampered with.
Before this software can be installed, you must indicate that you trust
the source of the packages.  The following information is provided by
the repository you are installing software from.  If you trust the
software provided by the person or organization below, you can import
the key described below.  This key will be used to verify that packages
installed from this repository were signed by the person matching the
key, and have not been tampered with.  You can also disable signature
checking by ...

{{signature information}}

                                [ Cancel ] [ Import key and continue ]

"""

Blah.  Too wordy, but I tried to include the important details while
still being generic and not too technical.  The last sentence assumes we
have support for disabling checking at some point.

-RN

-- 
Robin Norwood
Red Hat, Inc.

"The Sage does nothing, yet nothing remains undone."
-Lao Tzu, Te Tao Ching

