On Tue, Jan 5, 2021 at 1:51 PM Kevin Fenzi <kevin@xxxxxxxxx> wrote: > > On Tue, Jan 05, 2021 at 01:38:48PM -0500, Neal Gompa wrote: > > > > While having IMA is nice, can we *please* have repodata signing too? > > Why? It gets us nothing really... adds complexity and issues. > And IMA has the same problem. IMA is worse because it's so poorly understood that I doubt anyone knows how to even use it. > We would definiltey need to improve dnf's handling of signed repos > before we did at least. > No, we only need to do that to change the defaults so that we *always* use them. But those improvements will never happen as long as we don't have any repos that offer signed repodata. Signed repodata can be used by those who care about it as soon as it's available. -- 真実はいつも一つ!/ Always, there's only one truth! _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
