On 10 May 2011 23:09, Reuben K. Caron <[email protected]> wrote: > > On May 10, 2011, at 6:14 AM, Sridhar Dhanapalan wrote: > > Can we make it so that it only installs signed RPMs? Would that help? > > I signed manifest which includes a list of files would probably be more > feasible as you wouldn't have to alter the RPMs.
Good point. However, I was thinking along more simplistic lines. We could have have it so that one can only install RPMs signed with a signature[0] that is present in the RPM database. This would allow users to add their own RPMs, but prevent 'unofficial' ones from being installed. Sridhar [0] https://fedoraproject.org/keys _______________________________________________ Devel mailing list [email protected] http://lists.laptop.org/listinfo/devel
