On Fri, 2013-08-16 at 11:00 +0200, Zdenek Pavlas wrote: > This is probably much cleaner than mis-using assumeyes=True. > Not sure whether we should enable this by default (probably not).
Been thinking about this and I'm still not sure. On the one hand yum-cron will already randomly install anything newer it finds in any repo. ... so installing new keys by default makes some kind of sense. On the other hand, adding all new keys without any oversight seems kind of bad from a security point of view. Esp. as it'd do CA keys, and all GPG keys are global. If we add a new option I think it should be a yum option that yum-cron just turns on though, and if we want to default it to off then with the patch to allow generic overrides we might as well just tell people to use assumeyes. On by default does make some sense though, I guess we should probably ping some Fedora security people and see what they think. _______________________________________________ Yum-devel mailing list Yum-devel@lists.baseurl.org http://lists.baseurl.org/mailman/listinfo/yum-devel
