[Yum] Repository Prioritization
Michael Stenner
mstenner at phy.duke.edu
Tue Aug 5 16:18:25 UTC 2003
On Tue, Aug 05, 2003 at 10:47:22AM -0500, Aleksander Demko wrote:
> On Sat, 2003-08-02 at 09:09, Michael Stenner wrote:
> > gpgcheckbonus = 10 # added if gpgcheck is on
>
> Just 10? So, a non-gpgcheck repository can override rpms that I receive
> from a gpgcheck repository? I realize this is probably what happens now,
> but wouldn't it be more secure/understandable to only use the gpgcheck
> repo when they're provided for certain rpms? Of course, this dooes not
> help the case where people provide signed rpms, but using a different
> key than say Red Hat. Ugh.
>
> Or am I the only one that doesn't replace rpms that came with redhat
> with say ximian stuff, etc? :)
The specific example you quote above was only intended as example
syntax for a possible form of package/repository scoring. I was not
making any claims about the value of gpg-checking. You can make the
number -10 or 10000000 and it would make my point just as well.
-Michael
--
Michael Stenner Office Phone: 919-660-2513
Duke University, Dept. of Physics mstenner at phy.duke.edu
Box 90305, Durham N.C. 27708-0305
More information about the Yum
mailing list