Date: Mon, 21 May 2007 18:40:03 +0100

On Mon, 21 May 2007, Troy Dawson wrote:
> Jon Peatfield wrote:
> ...
>>
>> I'm now puzzling over why the default seems to be to ship with all the
>> yum.repos.d/ entries having gpgcheck=0; surely the extra work of doing a
>> sig-check isn't so great, is it?
>
> It's because java wasn't ever signed. In the past, we couldn't sign it
> without breaking it, so whenever that was turned on, it would yell and
> scream, and people couldn't update any package.

Oh! I'd always assumed it would just refuse to work with packages which
failed the sig-check, not any package in the same repo!!

[ We have never cared about the java packages since we run with versions
we download/install direct from Sun anyway, but I understand that many
sites don't want to do that... ]

> With a new gnupg, we are now able to sign the java packages, so it's now a
> possibility. We'll look into it in the next release.

One could always move packages which can't be signed into another repo,
but that may be just as much work.

-- Jon
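
Added example, not part of the original thread: a small audit of yum `.repo` files that reports, per repository section, whether `gpgcheck` is on, off, or not set at all. The repo ids, URLs and key path in the sample are constructed; the sample models the split suggested above, with unsignable packages kept in their own repo so the main repo can run with `gpgcheck=1`.

```python
import configparser
import sys

# Constructed sample .repo content (ids, URLs and key path are placeholders).
SAMPLE = """\
[example-base]
name=Example base repo (all packages signed)
baseurl=http://mirror.example.invalid/base/
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-example

[example-unsigned]
name=Example repo holding only packages that cannot be signed
baseurl=http://mirror.example.invalid/unsigned/
gpgcheck=0

[example-testing]
name=Example repo with no gpgcheck line
baseurl=http://mirror.example.invalid/testing/
"""


def audit_repo_text(text, source="<inline>"):
    """Return (source, repo_id, status) for every section in a .repo file.

    status: 'checked', 'unchecked', 'unset' (no gpgcheck line, so the value
    is inherited from elsewhere) or 'invalid' (not a recognisable boolean).
    """
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(text, source=source)
    results = []
    for repo_id in parser.sections():
        section = parser[repo_id]
        if section.get("gpgcheck") is None:
            status = "unset"
        else:
            try:
                status = "checked" if section.getboolean("gpgcheck") else "unchecked"
            except ValueError:
                status = "invalid"
        results.append((source, repo_id, status))
    return results


if __name__ == "__main__":
    # With no arguments, audit the constructed sample; otherwise audit files.
    rows = audit_repo_text(SAMPLE)
    for path in sys.argv[1:]:
        with open(path, encoding="utf-8", errors="replace") as fh:
            rows = (rows if path != sys.argv[1] else []) + audit_repo_text(fh.read(), path)
    for source, repo_id, status in rows:
        print(f"{source}\t{repo_id}\t{status}")
```

Run it as `python audit.py /etc/yum.repos.d/*.repo`; any section reported as `unchecked` or `unset` is one to review.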