up2date for testing (with apt/yum/dir repo support)

Chris Kloiber ckloiber at redhat.com
Sun Aug 17 14:12:19 UTC 2003


On Sun, 2003-08-17 at 06:13, Panu Matilainen wrote:
> On Sun, 2003-08-17 at 04:09, Chris Kloiber wrote:
> 
> > 
> > A few little problems I noted, first was that the file sizes of any
> > packages from an apt or yum repo are listed as '0', which made me
> > hesitate to install from them until I verified I was getting real files.
> > Second, it might be nice to have up2date offer to download the GPG-KEY
> > from those apt and yum repos that support GPG, of course that might
> > require mods to apt and yum first, or you could assume the GPG key to be
> > at the same location as the repository. 
> 
> Note that apt itself doesn't understand about signed *packages*, that's
> achieved with scripts (lua in Fedora's apt, others can be used as well).
> Apt does however have notion of signed *repositories*, meaning the
> package lists can be GPG-signed and verified from the release file in
> the repo against GPG-fingerprints found in /etc/apt/vendors.list.
> 
> 	- Panu -

Well I meant the GPG-KEY that the packages were signed with for the
purposes on not having up2date complain about them not having a "valid"
(as in the local keyring has a copy) key so you don't have to click
"yes" to continue all the time. Apt doesn't really need to know about
the GPG key at all, (but it would be nice)

-- 
Chris Kloiber
Red Hat, Inc.





More information about the devel mailing list