Hi folks, So I'm trying to put the repomd.xml signing into yum and I'm stuck on a non-code issue - it's more about policy.
So if you have a repo like: [foo] name=foo baseurl=... gpgcheck=1 and the repomd.xml is NOT signed do we fail out? now, my initial response is yes, but it means all those repos with unsigned repomd.xml will suddenly fail even though the pkgs are signed. If we don't fail out then we have to add _something_ to tell the repo to also fail on invalid repomd.xml signature. I don't like this option overly much but not failing on a gpg signature missing seems like the wrong thing, too. suggestions welcome? -sv _______________________________________________ Yum-devel mailing list [email protected] https://lists.dulug.duke.edu/mailman/listinfo/yum-devel
