On Thu, 2009-11-19 at 10:38 -0700, Michael Torrie wrote:
> Clint Savage wrote:
> > A little sidenote.  If you are disabling the signed packages in your
> > enterprise, you are doing it wrong.  Building RPMS with a signed gpg key
> > is just a matter of --sign and that's all.  If you are doing untrusted
> > packages, it can be very risky even if you are doing it within your
> > own environment without any outside influences.
> 
> No, I'd disable the allowing of installation of packages, signed or
> otherwise, in an enterprise environment.  That was kind of my point of
> the rant.  For 99% of all non-enterprise users the default F12 policy
> makes a lot of sense.

Clint was not clear. He wasn't advocating allowing users to install any
package they want. He was advocating for signing packages. Or in other
words, he was opposed to disabling YUM's GPG checks for custom built
packages in a local repo.

-- 
"XML is like violence: if it doesn't solve your problem, you aren't
using enough of it." - Chris Maden

--------------------
BYU Unix Users Group 
http://uug.byu.edu/ 

The opinions expressed in this message are the responsibility of their
author.  They are not endorsed by BYU, the BYU CS Department or BYU-UUG. 
___________________________________________________________________
List Info (unsubscribe here): http://uug.byu.edu/mailman/listinfo/uug-list
