On Thu, Dec 18, 2008 at 10:42 AM, Pierre Schmitz <pierre@archlinux.de> wrote:
> On Thursday 18 December 2008 17:22:25, Aaron Griffin wrote:
>> I think "Optional" makes sense in some cases. Let's take the community repo, where things tend to be a hodge-podge of ideas and attitudes. I can imagine half the packages being signed, some being unsigned, and some being signed by keys not in the keyring.
> Well, if that will be the case we can forget about the whole signing stuff. One "unprotected" package is enough to inject your custom code.
Right, but that's not what I'm saying. As a user, I might not care. Actually, I don't. Here are our cases:

- People who care about super-secure packages: set things to "Always", and then your system will only install signed packages.
- Middle-of-the-road people: set core and extra to "Always" and other repos to either "Never" or "Optional".
- People who don't care: everything is set to "Never".

See, I fall in the middle case. I'd love to have everything signed, but I know it won't happen for everything all the time. So, if I set community to "Always", I'm going to run into a case where I want to install a package from community that is unsigned. We need a "fuck it, install it anyway" case. Now, instead of the "Optional" setting, if there was a --skip-signature flag that I could use, I would also be sated. Either way, I'd just like to see a case where I can force it to skip the signature check.
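The per-repository modes argued over above, written out as a decision table. This is an added illustration, not pacman code and not anything either poster wrote: "Always", "Optional" and "Never" are the mode names from the thread, while the signature states, the `skip_signature` parameter (standing in for the `--skip-signature` flag Aaron asks for), the sample keyring policy and the sample package list are all assumptions constructed for the example.

```python
"""Per-repo signature policy as discussed in the thread (added example, not pacman code).

Mode names "Always" / "Optional" / "Never" come from the thread. SigState, the
REPO_POLICY table, the skip_signature parameter and SAMPLE are constructed here.
"""
from dataclasses import dataclass
from enum import Enum


class SigState(Enum):
    """What the verifier found for one package file (constructed categories)."""
    UNSIGNED = "unsigned"
    BAD_SIGNATURE = "bad signature"   # signature present but does not verify
    UNKNOWN_KEY = "unknown key"       # verifies, but the key is not in the keyring
    TRUSTED = "trusted"               # verifies with a key in the keyring


@dataclass(frozen=True)
class Package:
    name: str
    repo: str
    sig: SigState


# The "middle of the road" setup from the thread: strict on core/extra, lax on community.
REPO_POLICY = {"core": "Always", "extra": "Always", "community": "Optional"}


def check_package(pkg: Package, policy: dict, skip_signature: bool = False) -> tuple:
    """Return (allowed, reason) for one package.

    Always:   only a signature from a key in the keyring passes.
    Optional: an unsigned package passes; a signature that is present but bad,
              or made by a key outside the keyring, still fails.  Note this
              does not answer Pierre's objection: an attacker who can replace
              the file can simply ship it unsigned, which "Optional" accepts.
    Never:    no check at all.
    skip_signature: hypothetical transaction-wide override, as requested in the
              thread; it also bypasses "Always" repos, so it is a blunt tool.
    """
    mode = policy.get(pkg.repo, "Always")          # unlisted repo: assume strict
    if skip_signature:
        return True, f"{pkg.name}: check skipped by --skip-signature"
    if mode == "Never":
        return True, f"{pkg.name}: check disabled for repo {pkg.repo}"
    if pkg.sig is SigState.TRUSTED:
        return True, f"{pkg.name}: trusted signature"
    if mode == "Optional" and pkg.sig is SigState.UNSIGNED:
        return True, f"{pkg.name}: unsigned, accepted by Optional policy"
    return False, f"{pkg.name}: {pkg.sig.value} rejected by {mode} policy for {pkg.repo}"


def check_transaction(pkgs, policy: dict, skip_signature: bool = False) -> tuple:
    """Evaluate every package; a single rejection blocks the whole transaction."""
    results = [check_package(p, policy, skip_signature) for p in pkgs]
    return all(ok for ok, _ in results), [reason for _, reason in results]


# Constructed sample transaction: one core package, two community packages.
SAMPLE = [
    Package("linux", "core", SigState.TRUSTED),
    Package("foo-git", "community", SigState.UNSIGNED),
    Package("bar", "community", SigState.UNKNOWN_KEY),
]

if __name__ == "__main__":
    for force in (False, True):
        ok, reasons = check_transaction(SAMPLE, REPO_POLICY, skip_signature=force)
        print(f"skip_signature={force}: {'INSTALL' if ok else 'ABORT'}")
        for r in reasons:
            print("  " + r)
```

The interesting row is `bar`: under "Optional" the unsigned `foo-git` is accepted but a package signed by a key outside the keyring is still refused, so the mode is not "ignore signatures", only "tolerate their absence". That is exactly why Pierre's point stands: anyone who can swap a community package can strip its signature and pass the "Optional" check. A finer-grained override (per package or per repo rather than per transaction) would let the "middle case" user install that one unsigned package without also switching off verification for core and extra.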