A tricky case is when you mix local builds and downloaded packages in a single
transaction. For example `dnf install ./some-locally-built.rpm` when that
package requires some extra dependencies to be downloaded and installed. In my
specific case, I have a local repository set (with
> > Personally, I would consider being able to disable this on a per-package
> > basis a good idea, but it isn’t a blocker.
>
> How is `--nosignature` failing to achieve that as it is?
It does for `rpm(8)`, but not for `dnf(8)`.
--
You are receiving this because you are subscribed to this
> Personally, I would consider being able to disable this on a per-package
> basis a good idea, but it isn’t a blocker.
How is `--nosignature` failing to achieve that as it is?
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on
> Rpm actually already verifies signatures _if present_ by default since 4.0 or
> thereabouts, but it doesn't _require_ them. Enforcing is supported since >=
> 4.14.2 and we also have the bypass-switch (--nosignature) already, so from
> strict technical perspective this is just a matter of one
Rpm actually already verifies signatures *if present* by default since 4.0 or
thereabouts, but it doesn't *require* them. Enforcing is supported since >=
4.14.2 and we also have the bypass-switch (--nosignature) already, so from
strict technical perspective this is just a matter of one line