FC3T2 up2date - <package> is not signed with a GPG signature
John Reiser
jreiser at BitWagon.com
Tue Sep 28 20:09:55 UTC 2004
William Hooper wrote:
> John Reiser said:
>>1. Wait until all packages have been downloaded before requiring
>>interactivity. Dribble the individual unsigned warnings into a list box as
>>they are detected, but do not pause for user OK until all packages have
>>been downloaded.
>
>
> up2date --nosig -du
I don't understand this suggestion. "--nosig" means do not use GPG to check
package signatures, and overrides the configuration option if any. However,
if the package has a signature, then I want up2date to check the signature.
Thus it seems that using --nosig will defeat the checking that could be done.
If a package has no signature, then I want up2date to post the package name
to a scrolling list box, but do not stop for interaction until all packages
have been downloaded. Neither "man up2date" nor any file in /usr/share/doc/
up2date* contains the string "du", so the argument "-du" seems to be undefined.
>
>>2. Automatically omit unsigned packages: from the download if possible,
>>else from the install. This may cause other package installls to fail
>>because of required dependencies, etc.
>
>
> How do you know if a package is signed without downloading it?
By having an agent (or summary file) at the repository which keeps track,
and having up2date query and use the information.
--
More information about the fedora-test-list
mailing list