On Sun, 2008-10-12 at 17:33 +0000, Kevin Kofler wrote: > > "UnsignedPackages=abort" is insane, unless you intend to abort only for > packages in a repository configured for signature checking. It always aborts if a package isn't signed in a signed repo. > ...packages from some third-party non-repository download site (which > are definitely a security risk, but which won't go away no matter how much > you'd like them to Sure, but at that point I absolve all guilt of any security breach. Having packages automatically downloaded and installed can be both a blessing and a curse. Perhaps making it harder for people to provide unsigned repos might be a good idea long term. Controversial I know. Of course, this is with my PackageKit maintainer hat on, not my fedora or red hat on. Richard. -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
