Skipped PGP checks - but not sure which package or repo #1311
Comments
jan-kolarik
added
Priority: LOW
Triaged
|
I believe that it simply pertains repositories which have signature verification disabled. (Either specifically in the repository configuration, or globally for all of them.) Otherwise, RPM would reject installing that package. If somebody will ever implement listing the packages, bear in mind the list can amount hundreds of packages, typically when installing packages directly from Koji repositories. In that case the output would be pretty annoying. Especially when the user consented to no verification before invoking DNF. If the current message indeed corresponds to repository configuration, it would be better to list the affected repositories, preferably before the user confirms the transaction, instead of listing packaged after the sin^Wtransaction was committed. |
|
What about to only extend message and include IDs of repositories, because as it was mentioned skipping is not per package property, but per repository including commandline repository. What about something like |
Don't we want to drop the warning, then? I mean, if I (intentionally) use |
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. Closes: rpm-software-management#1311
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. Closes: rpm-software-management#1311
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. The behavior is related to configuration options which some of them are repo specific or specific for commandline repository. If user wants to verify everything, the hint provides sufficient information which configuration of repository should be modified. Closes: rpm-software-management#1311
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. The behavior is related to configuration options which some of them are repo specific or specific for commandline repository. If user wants to verify everything, the hint provides sufficient information which configuration of repository should be modified. Closes: rpm-software-management#1311
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. The behavior is related to configuration options which some of them are repo specific or specific for commandline repository. If user wants to verify everything, the hint provides sufficient information which configuration of repository should be modified. Closes: #1311
It would be nice if DNF5 admitted what packages are guilty.
The text was updated successfully, but these errors were encountered: