 
| Sender: |
|
| Date: |
Mon, 21 May 2007 18:40:03 +0100 |
| MIME-version: |
1.0 |
| Reply-To: |
|
| Content-type: |
TEXT/PLAIN; format=flowed; charset=US-ASCII |
| Subject: |
|
| From: |
|
| In-Reply-To: |
|
| Comments: |
|
| Parts/Attachments: |
|
|
On Mon, 21 May 2007, Troy Dawson wrote:
> Jon Peatfield wrote:
> ...
>>
>> I'm now puzzling over why the default seems to be to ship with all the
>> yum.repos.d/ entries having gpgcheck=0 surely the extra work of doing a
>> sig-check isn't so great is it?
>
> It's because java wasn't ever signed. In the past, we couldn't sign it
> without breaking it, so whenever that was turned on, it would yell and
> scream, and people couldn't update any package.
Oh! I'd always assumed it would just refuse to work with packages which
failed the sig-check not any package in the same repo!!
[ We have never cared about the java packages since we run with versions
we download/install direct from Sun anyway, but I understand that many
sites don't want to do that... ]
> With a new gnupg, we are now able to sign the java packages, so it's now a
> possiblity. We'll look into it in the next release.
One could always move packages which can't be signed into another repo,
but that may be just as much work.
-- Jon
|
|
|
