[packagekit] Support for trusted packages in InstallPackages

Richard Hughes hughsient at gmail.com
Tue Jun 16 07:42:07 PDT 2009


On Tue, Jun 16, 2009 at 3:35 PM, Sebastian Heinlein<liste at glatzor.de> wrote:
> I would like to see support for separating between trusted and untrusted
> packages in the InstallPackages method. It should behave in the same way
> as in InstallFiles.

Yes, I have the same issue for Fedora rawhide, which is unsigned, and
always will be. This issue will become much more important when the
polkit1 branch gets merged, as then we will default for no prompt for
signed packages.

> By default trusted will be True. If the backend encounters a not trusted
> package it should raise BAD_GPG_SIGNATURE error and send the
> corresponding RepositorySignatureRequired signal.

Why the signal? If we do trusted=true on InstallFiles then we just get
an ErrorCode back, no?

> The frontend should in this case show a warning about the installation
> of untrusted software and provide an alternative button which allows to
> run InstallPackages with trusted = False.

Whilst I agree, this is a API break, and probably we'll need to branch
for 0.5.x before that. I'll start working in a private branch and we
can discuss the roadmap for 0.5.x later this week.

Richard.



More information about the PackageKit mailing list