[Yum] gpg sig checking
Michael Stenner
mstenner at phy.duke.edu
Thu Apr 10 21:09:09 UTC 2003
On Thu, Apr 10, 2003 at 03:50:32PM -0400, seth vidal wrote:
> Hi all,
> So someone was kinda bugging me about making gpg sig checking a
> mandatory DEFAULT. I wanted to hear y'all responses.
>
> What if gpgcheck=1 was the default and if you set gpgcheck=0 yum would
> warn you about the danger of such actions?
>
> How annoying would that be to everyone?
>
> And would it really matter?
>
> are gpgsigs as ignored as I think they are?
I would find it helpful if you could tell us what practical impact
this would have on user/admins. What happens if some packages aren't signed?
What would users/admins have to do to make sure the appropriate sigs
are present? Can this be anabled/disable per-repository (I could
probably read the docs for that one)?
Basically, I suspect most of us understand the _security_ implications
of signed packages. I don't have a feel for the hassle factor,
though.
-Michael
--
Michael Stenner Office Phone: 919-660-2513
Duke University, Dept. of Physics mstenner at phy.duke.edu
Box 90305, Durham N.C. 27708-0305
More information about the Yum
mailing list