Package warning - Rawhide
Richard Hughes
hughsient at gmail.com
Sun Oct 12 17:37:50 UTC 2008
On Sun, 2008-10-12 at 17:33 +0000, Kevin Kofler wrote:
>
> "UnsignedPackages=abort" is insane, unless you intend to abort only for
> packages in a repository configured for signature checking.

It always aborts if a package isn't signed in a signed repo.

> ...packages from some third-party non-repository download site (which
> are definitely a security risk, but which won't go away no matter how much
> you'd like them to

Sure, but at that point I absolve all guilt of any security breach.
Having packages automatically downloaded and installed can be both a
blessing and a curse. Perhaps making it harder for people to provide
unsigned repos might be a good idea long term.

Controversial I know. Of course, this is with my PackageKit maintainer
hat on, not my fedora or red hat on.

Richard.
More information about the fedora-devel-list mailing list