On Sat, 16 Jul 2005, Florin Andrei wrote: > On Fri, 2005-07-15 at 20:41 -0400, Tom Diehl wrote: > > On Fri, 15 Jul 2005, Florin Andrei wrote: > > > > > > It would be nice if there was a way to temporarily disable, on the CLI, > > > the GPG check. At least for the local package, and keep GPG enabled for > > > remote packages. Or something like that. > > > Instead of adding more complexity to yum why not simply add --sign > > to your rpmbuild command line and put the sig in your rpm db? > > That would work for packages that I made myself. But how about 3rd party > packages? > The big repos are using GPG, but people who just happen to maintain a > few RPMs very rarely do. Ok, but what is wrong with adding gpgcheck=0 to the repo you do not want the checks to be done on? OTOH, if you trust them enough to install the packages in the first place, why not just sign the packages yourself. At least then you are reasonably sure the package you think you are installing is the one that gets installed. Regards, Tom Diehl tdiehl@xxxxxxxxxxxx Spamtrap address mtd123@xxxxxxxxxxxx
