[Yum-devel] Re: yum and gpgcheck feature request

Jouni.Lohikoski@iki.fi jlohikos at cc.hut.fi
Wed Apr 6 20:07:24 UTC 2005


On Wed, Apr 06, 2005 at 02:14:28PM -0400, seth vidal wrote:
> if gpgcheck=0 then yum will not check for a gpg key nor for packages to
> be signed by any key.
> 
> if gpgcheck=1 then yum will check for a package to be signed AND that it
> matches a key.
> 
> where's the problem?

Hmm..so if the package is not signed, gpgcheck=1 will not allow
to install it? If it is so, then forget the feature request :-)

From the man page:
       gpgcheck
              Either '1' or '0'. This tells yum whether or not it should per-
              form a GPG signature check on packages. When this is set in the
              [main]  section  it sets the default for all repositories. This
              option also determines whether or not an install of  a  package
              from  a  local  RPM  file  will  be  GPG signature checked. The
              default is '0'.

If the package is not signed, rpm-program will accept it even with
--checksig without warnings, which I think is a bit dangerous.
But if yum will not allow non signed packages with "gpgcheck=1" then it
is ok.
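
The inheritance rule in the man page excerpt above, as an added example that is not part of the original message and is not yum's own code: it resolves the gpgcheck value each repository ends up with, so repositories that skip signature checking can be listed. The function names and the sample configuration are constructed for illustration, and the sketch assumes all sections live in one configuration text.

```python
import configparser

# Built-in default as stated in the man page text quoted in the message.
MAN_PAGE_DEFAULT = "0"

# Constructed sample configuration (not taken from a real system).
SAMPLE_CONF = """\
[main]
cachedir=/var/cache/yum
gpgcheck=1

[base]
name=Constructed base repo
baseurl=http://mirror.example.invalid/base/

[extras]
name=Constructed extras repo
baseurl=http://mirror.example.invalid/extras/
gpgcheck=0
"""


def effective_gpgcheck(conf_text, default=MAN_PAGE_DEFAULT):
    """Return {repo_id: bool}: True when packages from that repo are checked."""
    parser = configparser.ConfigParser(
        interpolation=None, strict=False, delimiters=("=",)
    )
    parser.read_string(conf_text)
    # [main] sets the default for all repositories; if it is silent,
    # the built-in default applies.
    main_value = default
    if parser.has_section("main"):
        main_value = parser.get("main", "gpgcheck", fallback=default)
    result = {}
    for section in parser.sections():
        if section == "main":
            continue
        # A repository's own setting overrides the [main] default.
        value = parser.get(section, "gpgcheck", fallback=main_value)
        result[section] = value.strip() == "1"
    return result


def unchecked_repos(conf_text, default=MAN_PAGE_DEFAULT):
    """Sorted list of repositories whose packages are not signature checked."""
    checks = effective_gpgcheck(conf_text, default)
    return sorted(repo for repo, checked in checks.items() if not checked)


if __name__ == "__main__":
    print(unchecked_repos(SAMPLE_CONF))
```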
