On Mon, 31 Jan 2011, Thierry Vignaud wrote: > On 31 January 2011 16:03, nicolas vigier <[email protected]> wrote: > >> What if urpmi automatically trusts packages signed with a key signed by > >> board@ and prompt on the first install of a package that is signed by a > >> different key? The yum tool used by Fedora, RHEL, and CentOS works very > >> well by prompting on new keys. > > > > For PLF packages, they will now be included on Mageia repository, so > > most users should not need to use external repositories. However we > > can add an option or prompt to disable this check, or an option to > > manually add a new trusted key. As long as it's not automatically > > downloaded from the mirror without asking for any confirmation. > > uh? what about patents? > unless it's a separate repo ?
Yes, it's a separate repository, the tainted repository : http://www.mageia.org/wiki/doku.php?id=mirrors_policy
