On Thu, Apr 10, 2003 at 03:50:32PM -0400, seth vidal wrote:
> Hi all,
> So someone was kinda bugging me about making gpg sig checking a
> mandatory DEFAULT. I wanted to hear y'all responses.
>
> What if gpgcheck=1 was the default and if you set gpgcheck=0 yum would
> warn you about the danger of such actions?
>
> How annoying would that be to everyone?
>
> And would it really matter?
>
> are gpgsigs as ignored as I think they are?

I would find it helpful if you could tell us what practical impact this would have on user/admins. What happens if some packages aren't signed? What would users/admins have to do to make sure the appropriate sigs are present? Can this be enabled/disabled per-repository (I could probably read the docs for that one)?

Basically, I suspect most of us understand the _security_ implications of signed packages. I don't have a feel for the hassle factor, though.

-Michael

--
Michael Stenner                       Office Phone: 919-660-2513
Duke University, Dept. of Physics     mstenner@xxxxxxxxxxxx
Box 90305, Durham N.C. 27708-0305