[Yum] yum's awesome, ideas
Aleksander Demko
Aleksander.Demko at nrc-cnrc.gc.ca
Wed Jul 30 20:15:57 UTC 2003
On Tue, 2003-07-29 at 23:50, seth vidal wrote:
> > Lesser idea: should gpgcheck=1 not be the default for base/updates,
> with
> > a nice error message if they're missing the key? Seems a little more
> > secure.
>
> gpgcheck=1 is a rats nest.
>
> if you make it the default then the barrier to use is high.
>
> if you don't make it the default then you're horribly insecure.
>
> so either you alienate newer/less knowledgeable users or you alienate
> older/more knowledgeable users.
>
> choose one.
> :)
Redhat's up2date requires the key, and displays a nice message/offers to
do it ("rpm --import /usr/share/rhn/RPM-GPG-KEY") for you. yum could do
something similar, I guess, but now we're getting distro specific.
Definitely a trade off.
--
// Aleksander.Demko at nrc-cnrc.gc.ca ademko at nrc.ca scopira.org //
More information about the Yum
mailing list