Trusting repositories (was: Re: Announcing rpmfusion)

Sertaç Ö. Yıldız sertac.liste at
Wed Sep 12 22:36:57 UTC 2007

[12.Eyl.07 15:43 -0400] seth vidal:
>On Wed, 2007-09-12 at 21:42 +0200, Nicolas Mailhot wrote:
>> I hope yum has a check somewhere to forbid installation of unknown
>> default-on repositories.
> how on earth would yum know? Do you want yum to have special behavior 
> if it detects a .repo file?

Not for .repo files, but it would be nice to check for GPG keys it 

> If you cannot trust the repo then don't use it.

Building a chain of trust that way looks wrong.


More information about the fedora-devel-list mailing list