On Sunday, 26 December 2021 11:25:21 GMT Roberto Sassu via devel wrote:
> > From: Dan Čermák [mailto:dan.cer...@cgc-instruments.com]
> > Sent: Sunday, December 26, 2021 7:10 AM
> > Ben Cotton <bcot...@redhat.com> writes:
> > 
> > *snip*
> > > == Upgrade/compatibility impact ==
> > > The user should ensure that software (not updated) from the old
> > > distribution is packaged and the package header is signed, or he
> > > should create and sign a custom digest list for the software he wishes
> > > to use after the upgrade.
> > 
> > 
> > Uhm, so locally/manually installed software (i.e. not signed by Fedora's
> > signkeys) will silently break when switching to F36? How about 3rd party
> > repositories?
> 
> 
> This is the main point of the feature. It aims to protect the user
> against untracked software spread in the disk, and to make him
> accept the software he wants to run.
> 
> Most likely, initially this process will be manual (there is a tool
> to generate a custom digest list). In the future, DIGLIM can
> be extended (in user space) to recognize the integrity information
> provided by the software developer.
> 
A concrete case:

I use Fedora, a third-party repository, and a private repository for my 
systems. The private repository is unsigned - it's just created via 
createrepo, and contains RPMs I've built with mock locally.

What do I need to do if this feature is accepted, in order to not see any 
impact? If I need to change any of the repositories I use and trust, can you 
point me to step-by-step instructions I need to follow?

-- 
Simon

_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org