[Mageia-discuss] How did i tell to urpmi.addmedia that a repo not have pubkey?
Dimitrios Glentadakis
dglent at gmail.com
Sat May 26 21:03:03 CEST 2012
Στις 26/05/2012 18:29:41 Johnny A. Solbu έγραψε:
>On Saturday 26 May 2012 19:14, José Alberto Valle Cid wrote:
>> we are not signing the packages
>
>Why not?
>Signing is the only way for your users to verify that the packages actually comes from you, and haven't been tampered with.
>I would not use any repo which didn't use signatures, and I suspect I'm not alone in this.
>
>
+1
It is nt very hard to sign packages and it is essential. However, if someone wants to install unsigned rpm he has to be able to do it in his responsibility
--
Dimitrios Glentadakis
More information about the Mageia-discuss
mailing list