[Mageia-discuss] How did i tell to urpmi.addmedia that a repo not have pubkey?

Dimitrios Glentadakis dglent at gmail.com
Sat May 26 21:03:03 CEST 2012

Στις 26/05/2012 18:29:41 Johnny A. Solbu έγραψε:
>On Saturday 26 May 2012 19:14, José Alberto Valle Cid wrote:
>> we are not signing the packages
>Why not?
>Signing is the only way for your users to verify that the packages actually comes from you, and haven't been tampered with.
>I would not use any repo which didn't use signatures, and I suspect I'm not alone in this.


It is nt very hard to sign packages and it is essential. However, if someone wants to install unsigned rpm he has to be able to do it in his responsibility

Dimitrios Glentadakis

More information about the Mageia-discuss mailing list