2011/1/31 nicolas vigier <[email protected]>: > On Sun, 30 Jan 2011, Motoko-chan wrote: >> What if urpmi automatically trusts packages signed with a key signed by >> board@ and prompt on the first install of a package that is signed by a >> different key? The yum tool used by Fedora, RHEL, and CentOS works very >> well by prompting on new keys. > > For PLF packages, they will now be included on Mageia repository, so > most users should not need to use external repositories. However we > can add an option or prompt to disable this check, or an option to > manually add a new trusted key. As long as it's not automatically > downloaded from the mirror without asking for any confirmation.
You definitely want to let people set up their own local package repositories or to use 3rd party repositories, for example I did it sometimes at Mandriva for some tests, and I want to do it again for internal work/proprietary packages. I'm ok with having rpm/urpmi telling you you're about to install packages with an unknown signature/... as long as you can override it and tell it to let you install the package. Christophe
