Trusting repositories (was: Re: Announcing rpmfusion)
Sertaç Ö. Yıldız
sertac.liste at gmail.com
Wed Sep 12 22:36:57 UTC 2007
[12.Eyl.07 15:43 -0400] seth vidal:
>On Wed, 2007-09-12 at 21:42 +0200, Nicolas Mailhot wrote:
>> I hope yum has a check somewhere to forbid installation of unknown
>> default-on repositories.
>
> how on earth would yum know? Do you want yum to have special behavior
> if it detects a .repo file?
Not for .repo files, but it would be nice to check for GPG keys it
installs.
> If you cannot trust the repo then don't use it.
Building a chain of trust that way looks wrong.
--
~sertaç
More information about the fedora-devel-list
mailing list