-
Notifications
You must be signed in to change notification settings - Fork 72
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Skipped PGP checks - but not sure which package or repo #1311
Comments
I believe that it simply pertains repositories which have signature verification disabled. (Either specifically in the repository configuration, or globally for all of them.) Otherwise, RPM would reject installing that package. If somebody will ever implement listing the packages, bear in mind the list can amount hundreds of packages, typically when installing packages directly from Koji repositories. In that case the output would be pretty annoying. Especially when the user consented to no verification before invoking DNF. If the current message indeed corresponds to repository configuration, it would be better to list the affected repositories, preferably before the user confirms the transaction, instead of listing packaged after the sin^Wtransaction was committed. |
What about to only extend message and include IDs of repositories, because as it was mentioned skipping is not per package property, but per repository including commandline repository. What about something like |
Don't we want to drop the warning, then? I mean, if I (intentionally) use |
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. Closes: rpm-software-management#1311
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. Closes: rpm-software-management#1311
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. The behavior is related to configuration options which some of them are repo specific or specific for commandline repository. If user wants to verify everything, the hint provides sufficient information which configuration of repository should be modified. Closes: rpm-software-management#1311
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. The behavior is related to configuration options which some of them are repo specific or specific for commandline repository. If user wants to verify everything, the hint provides sufficient information which configuration of repository should be modified. Closes: rpm-software-management#1311
DNF5 informs about number of packages that signature was not verified, but without any additional detail. The ID of repository provides a good hint for user why the check was skipped. The behavior is related to configuration options which some of them are repo specific or specific for commandline repository. If user wants to verify everything, the hint provides sufficient information which configuration of repository should be modified. Closes: #1311
It would be nice if DNF5 admitted what packages are guilty.
The text was updated successfully, but these errors were encountered: