On Tue, 2003-07-29 at 23:50, seth vidal wrote:
> > Lesser idea: should gpgcheck=1 not be the default for base/updates,
> with
> > a nice error message if they're missing the key? Seems a little more
> > secure.
>
> gpgcheck=1 is a rats nest.
>
> if you make it the default then the barrier to use is high.
>
> if you don't make it the default then you're horribly insecure.
>
> so either you alienate newer/less knowledgeable users or you alienate
> older/more knowledgeable users.
>
> choose one.
> :)
Redhat's up2date requires the key, and displays a nice message/offers to
do it ("rpm --import /usr/share/rhn/RPM-GPG-KEY") for you. yum could do
something similar, I guess, but now we're getting distro specific.
Definitely a trade off.
--
// Aleksander.Demko@xxxxxxxxxxxxxx ademko@xxxxxx scopira.org //
