[packagekit] libpackagekit-gnome
Matthias Clasen
matthias.clasen at gmail.com
Mon Apr 14 06:59:51 PDT 2008
On Mon, Apr 14, 2008 at 8:11 AM, Richard Hughes <hughsient at gmail.com> wrote:
>
> Another way of doing this might be to have:
>
> * InstallRepoSignature needs to not be able to remember a password
> * InstallFile needs to return an error and fail if it tries to install a
> local unsigned file - this can stay as a remember by default (see below)
> * InstallFileUnsigned needs to be created to allow this file to be
> installed, but not be allowed to keep the auth for the session or
> system.
>
> How about that?
If we are in agreement that none of update-system, update-package,
install-package or install-file should allow installing untrusted (ie
either unsigned or signed with an untrusted key) packages, this should
be clearly documented somewhere.
Why do we need InstallFileUnsigned when we can already do the "GPG dance" ?
More information about the PackageKit
mailing list