[Mageia-discuss] How did i tell to urpmi.addmedia that a repo not have pubkey?
Johnny A. Solbu
cooker at solbu.net
Sat May 26 19:29:41 CEST 2012
On Saturday 26 May 2012 19:14, José Alberto Valle Cid wrote:
> we are not signing the packages
Why not?
Signing is the only way for your users to verify that the packages actually comes from you, and haven't been tampered with.
I would not use any repo which didn't use signatures, and I suspect I'm not alone in this.
--
Johnny A. Solbu
PGP key ID: 0xFA687324
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part.
URL: </pipermail/mageia-discuss/attachments/20120526/f6cadf4b/attachment.asc>
More information about the Mageia-discuss
mailing list