Re: Package warning - Rawhide

Richard Hughes <hughsient <at> gmail.com> writes:
> UnsignedPackages=abort|warn|allow
> 
> What do you guys think. Upstream we set this to abort, and patch the
> package in rawhide to "allow" -- having F10 set to warn or abort.

"UnsignedPackages=abort" is insane, unless you intend to abort only for 
packages in a repository configured for signature checking. We need to be able 
to install unsigned packages which are not from some repository, like stuff 
directly from Koji, stuff we just built (OK, I could sign that with the 
repo.calcforge.org key, but not everyone has such a key already and 
self-signing packages just to make PackageKit accept them adds no security 
whatsoever), packages from some third-party non-repository download site (which 
are definitely a security risk, but which won't go away no matter how much 
you'd like them to: proprietary software is often distributed that way, and 
unfortunately (it should get into the repos instead!) some specialty Free 
Software too (I've seen the occasional RPM offered as a SourceForge download); 
those sites almost never bother signing their packages, and even if they did, 
the key would not be available to import from within PackageKit because there's 
no repository configuration file, not to mention that adding some random site's 
key as trusted might be counterproductive).

        Kevin Kofler

-- 
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
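
The scoping argued for in the reply above, sketched as an added example (not part of the original message and not PackageKit code): `UnsignedPackages=abort` is enforced only when the package comes from a repository whose yum-style configuration sets `gpgcheck=1`. The function names, the sample repository file, the downgrade to "warn" for packages outside such a repository, and the fail-closed handling of unknown repositories are all assumptions made for illustration.

```python
import configparser

# Constructed sample of a yum-style .repo file (not taken from the thread).
SAMPLE_REPOS = """
[fedora]
name=Fedora
gpgcheck=1

[scratch]
name=Local scratch builds
gpgcheck=0
"""

POLICIES = ("abort", "warn", "allow")


def load_gpgcheck(repo_text):
    """Map each repo id to whether signature checking is enabled for it."""
    cp = configparser.ConfigParser()
    cp.read_string(repo_text)
    return {s: cp.getboolean(s, "gpgcheck", fallback=False)
            for s in cp.sections()}


def decide(policy, trusted_signature, repo_id, gpgcheck):
    """Return 'install', 'warn' or 'abort' for one package.

    repo_id is None for a package that did not come from a configured
    repository (a local build, a direct download).
    """
    if policy not in POLICIES:
        raise ValueError("unknown UnsignedPackages value: %r" % policy)
    if trusted_signature or policy == "allow":
        return "install"
    if policy == "warn":
        return "warn"
    # policy == "abort": enforce only where the repo promises signatures.
    # Assumption: a repo id missing from the config is treated as checked.
    if repo_id is not None and gpgcheck.get(repo_id, True):
        return "abort"
    # Assumption: packages outside a checked repo stay installable
    # but are flagged to the user.
    return "warn"


if __name__ == "__main__":
    checks = load_gpgcheck(SAMPLE_REPOS)
    for repo in ("fedora", "scratch", None):
        print(repo, decide("abort", False, repo, checks))
```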
