Rober Morales <[EMAIL PROTECTED]> writes: >> > It'll reduce the security of machine since won't make difference if >> > the key is or not know before you upgrade or install a package. >> >> Agreed; an idea might be to import the key to some "untrusted" keyring, >> and allow the user to add it to the "trusted" list after giving some >> stern lecture why you shouldn't trust anyone. >> > > APT already continue with the install/upgrade if the user answer "Yes" to the > warning question. > > The new feature I want is to make possible the fact that apt can, /with/ the > user confirmation, import the key the package is signed with: > > WARNING: The key 0BDCEXXXXXXXXXXXX is not known: Install anyway? Yes/[No]: > Yes > > WARNING: Do you want APT import the key to your keyring now? Yes/[No]: > Yes
I see your point but I still think that shouldn't be too easy to someone to add a key on the trusted keyring otherwise most of people will just start to do that too much. Besides, as Simon said, would be good to warn the user why this is dangerous and why he/she should avoid to use non-official packages. I personally see why you would like to have it but I don't think the price that we might pay is enough... :( -- O T A V I O S A L V A D O R --------------------------------------------- E-mail: [EMAIL PROTECTED] UIN: 5906116 GNU/Linux User: 239058 GPG ID: 49A5F855 Home Page: http://www.freedom.ind.br/otavio --------------------------------------------- "Microsoft gives you Windows ... Linux gives you the whole house." -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]