Package warning - Rawhide

Richard Hughes hughsient at gmail.com
Sun Oct 12 17:37:50 UTC 2008


On Sun, 2008-10-12 at 17:33 +0000, Kevin Kofler wrote:
> 
> "UnsignedPackages=abort" is insane, unless you intend to abort only for 
> packages in a repository configured for signature checking.

It always aborts if a package isn't signed in a signed repo.

> ...packages from some third-party non-repository download site (which 
> are definitely a security risk, but which won't go away no matter how much 
> you'd like them to

Sure, but at that point I absolve all guilt of any security breach.
Having packages automatically downloaded and installed can be both a
blessing and a curse. Perhaps making it harder for people to provide
unsigned repos might be a good idea long term.

Controversial, I know. Of course, this is with my PackageKit maintainer
hat on, not my Fedora or Red Hat on.

Richard.





More information about the fedora-devel-list mailing list