[Yum] Re: gpg sig checking
Axel Thimm
Axel.Thimm at physik.fu-berlin.de
Fri Apr 11 08:40:54 UTC 2003
On Thu, Apr 10, 2003 at 03:50:32PM -0400, seth vidal wrote:
> So someone was kinda bugging me about making gpg sig checking a
> mandatory DEFAULT. I wanted to hear y'all responses.
>
> What if gpgcheck=1 was the default and if you set gpgcheck=0 yum would
> warn you about the danger of such actions?
>
> How annoying would that be to everyone?
Hopefully enough to make people aware that there are signatures ... ;)
> And would it really matter?
>
> are gpgsigs as ignored as I think they are?
Possibly by a lot of end users, but this is a reason more to put them in, It
will help educate the community to use them more.
On the other hand there exists no real web of trust in that sense in rpm, so
an end user has to blindly accept a set of unverifyable keys. Still better
than nothing.
--
Axel.Thimm at physik.fu-berlin.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.baseurl.org/pipermail/yum/attachments/20030411/3f2f5958/attachment-0001.pgp
More information about the Yum
mailing list