On Mon, 2025-03-10 at 16:42 +0100, Florian Weimer wrote: > > * The most noticeable change is that RPM now refuses to install > > packages whose signature hasn't been positively verified, whether due > > to being unsigned, missing key or otherwise. This can be worked around > > by supplying `--nosignature` on the command line, or more permanently, > > changing the `%_pkgverify_level` macro to the former default of > > `digest`, but these should be only temporary measures, users are > > encouraged to import necessary keys and/or setup automatic signing for > > their (local) builds instead. > > Does this impact installations via “dnf install”? I would assume so, since rpm is still under dnf in the end. > What's the impact on typical Fedora CI tests? We would need to make sure the CI systems download signed packages, somehow. AFAIK they currently don't. openQA certainly doesn't. I've been working on https://github.com/fedora-infra/bodhi/pull/5859 to help with this, but there turned out to be some subtleties that I didn't have time to deal with yet (and then I went on vacation). -- Adam Williamson (he/him/his) Fedora QA Fedora Chat: @adamwill:fedora.im | Mastodon: @adamw@xxxxxxxxxxxxx https://www.happyassassin.net -- _______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
