[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New PackageKit and gnome-packagekit in F9 soon



On Mon, 2008-07-07 at 23:29 +0100, Richard Hughes wrote:
> On Mon, 2008-07-07 at 19:52 +0200, Martin Sourada wrote:
> >  * It always asks for authentication and there is no option to remember
> > the authentication when it discovers thath the package is not signed. Is
> > it intentional?
> 
> Yup, there's a security hole (potentially) if we allow the auth to be
> retained for unsigned files.
> 
Thanks for clarifying.

> >  * The window with update progress closes itself after I give the needed
> > permissions to install and as a result I am not notified of the update
> > result. I can reopen the window via the notify icon though...
> 
> How did you launch the update? Using the icon or using the Update
> software tool?
> 
As I said, it's about local rpms, which means I launched it by
double-clicking on the rpm. Normal updates (launched either by the
Update software or from notify) does not suffer that issue. IIRC the
same happens for installing (i.e. when the some other version of the
package is not installed yet) local packages via the Package Installer
tool. The window closes right after the authenticating is done.

> Hmm. If you can reproduce, could you run "pkcon update" in the console
> please, and post the output.
> 
That would probably require me to find the broken package (if it's still
in koji), downgrade to some previous version, disable the updates and
updates-testing repo, create local repo, enable it, put that package
into it and try the update. Hehe, a lot of work, I'll see what I can do
(tomorrow) :)

> Thanks,
> 
> Richard.
Martin

Attachment: signature.asc
Description: This is a digitally signed message part


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]