On 06/22/16 12:27, Samuel Sieb wrote:
On 06/21/2016 09:12 PM, Ed Greshko wrote:
On 06/22/16 11:59, Gordon Messmer wrote:
I'll admit that the risk is hypothetical, but what does rpmfusion's flux have to do with the risk of allowing unsigned packages?
It was only one package that was unsigned, and it came from rpmfusion, and they are in the middle of putting up an new infrastructure. So not unthinkable a package had slipped thru unsigned.
dnf stops at the first unsigned package. All the rpmfusion F24 packages are currently in the updates-testing repository and are unsigned.
Right, and that is why I suggested I should have disable just the rpmfusion check.
In any event.... If you are worried, don't upgrade. If you're not worried, upgrade. Your choice.