On Sat, 2003-08-02 at 09:09, Michael Stenner wrote: > gpgcheckbonus = 10 # added if gpgcheck is on Just 10? So, a non-gpgcheck repository can override rpms that I receive from a gpgcheck repository? I realize this is probably what happens now, but wouldn't it be more secure/understandable to only use the gpgcheck repo when they're provided for certain rpms? Of course, this dooes not help the case where people provide signed rpms, but using a different key than say Red Hat. Ugh. Or am I the only one that doesn't replace rpms that came with redhat with say ximian stuff, etc? :) -- // Aleksander.Demko@xxxxxxxxxxxxxx ademko@xxxxxx scopira.org //
