On 06/22/16 11:59, Gordon Messmer wrote: > I'll admit that the risk is hypothetical, but what does rpmfusion's flux > have to do with the risk of allowing unsigned packages? It was only one package that was unsigned, and it came from rpmfusion, and they are in the middle of putting up an new infrastructure. So not unthinkable a package had slipped thru unsigned. > > (Bearing in mind, that flag is global. You told dnf to ignore > signatures for all package, on all repos.) Yes, except that it was just the one package and, while I did not mention it, I checked some of the downloaded rpm's in the cache. Yes, it probably would have been a "better" idea to disable the gpgcheck in the rpmfusion repo. -- You're Welcome Zachary Quinto -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://lists.fedoraproject.org/admin/lists/users@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org