On Mon, 31 Jan 2011, Christophe Fergeau wrote: > 2011/1/31 nicolas vigier <[email protected]>: > > On Sun, 30 Jan 2011, Motoko-chan wrote: > >> What if urpmi automatically trusts packages signed with a key signed by > >> board@ and prompt on the first install of a package that is signed by a > >> different key? The yum tool used by Fedora, RHEL, and CentOS works very > >> well by prompting on new keys. > > > > For PLF packages, they will now be included on Mageia repository, so > > most users should not need to use external repositories. However we > > can add an option or prompt to disable this check, or an option to > > manually add a new trusted key. As long as it's not automatically > > downloaded from the mirror without asking for any confirmation. > > You definitely want to let people set up their own local package > repositories or to use 3rd party repositories, for example I did it > sometimes at Mandriva for some tests, and I want to do it again for > internal work/proprietary packages. I'm ok with having rpm/urpmi > telling you you're about to install packages with an unknown > signature/... as long as you can override it and tell it to let you > install the package.
Yes, we should add an option somewhere to allow this.
