On Fri, 2004-11-05 at 01:28 -0600, Satish Balay wrote: > > On Fri, 5 Nov 2004, seth vidal wrote: > > > This is just based on keys in your rpmdb. > > > > The idea is this: > > > > if you have 3 repos available to yum. > > > > They are signed with 3 separate gpg keys. So you've imported all the > > keys into your rpmdb. The whole point of the feature I described before > > is so you can say: > > > > the only packages I want from this repository are signed with _this_ > > key. If you get a package from this repository that is signed with any > > other key, even if I have that key in my rpmdb, don't trust it. > > Ok - here you are saying EACH package is signed. And this pacakge > signature is the one thats compared. > > The inferences I get from the above are: > > - all packages from all repos should be signed (ideally) > - if an unsigned package is part of the dep-resolve list - then yum > just aborts the transaction > - (Obviously - the main feature) if the 'key' doesn't match the one > seecified for this repo in yum.conf - the transaction is aborted. > > I do like this new feature. A couple of questions remain. > > - Where does sigining 'metadata' fit in here? > > - And this scheme would require rawhide pacakges also to be signed > with some key. (or am I misreading this?) > let's be clear. I'm not proposing anything. I'm just describing an RFE I've gotten before and that I've written some of the code for. It in no way reflects what I think policy should be or is. it has nothing to do with metadata signing. I was just muddying the discussion somewhat. -sv