[Mageia-dev] PGP keys and package signing

Thierry Vignaud thierry.vignaud at gmail.com
Mon Jan 31 16:38:27 CET 2011


On 31 January 2011 16:03, nicolas vigier <boklm at mars-attacks.org> wrote:
>> What if urpmi automatically trusts packages signed with a key signed by
>> board@ and prompt on the first install of a package that is signed by a
>> different key? The yum tool used by Fedora, RHEL, and CentOS works very
>> well by prompting on new keys.
>
> For PLF packages, they will now be included on Mageia repository, so
> most users should not need to use external repositories. However we
> can add an option or prompt to disable this check, or an option to
> manually add a new trusted key. As long as it's not automatically
> downloaded from the mirror without asking for any confirmation.

uh? what about patents?
unless it's a separate repo ?


More information about the Mageia-dev mailing list