[Mageia-dev] PGP keys and package signing

nicolas vigier boklm at mars-attacks.org
Mon Jan 31 16:42:59 CET 2011


On Mon, 31 Jan 2011, Thierry Vignaud wrote:

> On 31 January 2011 16:03, nicolas vigier <boklm at mars-attacks.org> wrote:
> >> What if urpmi automatically trusts packages signed with a key signed by
> >> board@ and prompt on the first install of a package that is signed by a
> >> different key? The yum tool used by Fedora, RHEL, and CentOS works very
> >> well by prompting on new keys.
> >
> > For PLF packages, they will now be included on Mageia repository, so
> > most users should not need to use external repositories. However we
> > can add an option or prompt to disable this check, or an option to
> > manually add a new trusted key. As long as it's not automatically
> > downloaded from the mirror without asking for any confirmation.
> 
> uh? what about patents?
> unless it's a separate repo ?

Yes, it's a separate repository, the tainted repository :
http://www.mageia.org/wiki/doku.php?id=mirrors_policy



More information about the Mageia-dev mailing list