On Thu, 22 Dec 2011 11:53:38 +0100 Thomas Bächler <[email protected]> wrote:
> Am 22.12.2011 11:26, schrieb Allan McRae: > > Use to override the global SigLevel value for upgrade operations. > > > > e.g. when installing a package without a signature: > > > > Fails to install: > > SigLevel = Optional > > UpgradeSigLevel = Required > > > > Fails to install: > > SigLevel = Required > > > > Installs: > > SigLevel = Required > > UpgradeSigLevel = Optional > > > > Installs: > > SigLevel = Optional > > I'll repeat some things that I said in the bug report - I have no idea > if this is feasible and should be done now: > > I would love to distinguish between -U <local file> and -U <URL>. The > rationale is that I want automatically the highest security when I > download something (meaning: 'Required' for -U <URL>) but more > convenience when installing a local package that I build from AUR and > thus never signed (meaning: 'Optional' for -U <local file>). just some thoughts.. if you built a package yourself, you can also just sign it and verify the signature when installing. though this is a bit more computationally intensive... also, what if somebody sends you a package by mail or through some other medium than http? then it will also be the '-U <local file>' case but very different from the other '-U <local file>' case where you built yourself. Dieter
signature.asc
Description: PGP signature
