On Thu, 22 Dec 2011 11:53:38 +0100 Thomas Bächler <thomas@archlinux.org> wrote:
Am 22.12.2011 11:26, schrieb Allan McRae:
Use to override the global SigLevel value for upgrade operations.
e.g. when installing a package without a signature:
Fails to install: SigLevel = Optional UpgradeSigLevel = Required
Fails to install: SigLevel = Required
Installs: SigLevel = Required UpgradeSigLevel = Optional
Installs: SigLevel = Optional
I'll repeat some things that I said in the bug report - I have no idea if this is feasible and should be done now:
I would love to distinguish between -U <local file> and -U <URL>. The rationale is that I want automatically the highest security when I download something (meaning: 'Required' for -U <URL>) but more convenience when installing a local package that I build from AUR and thus never signed (meaning: 'Optional' for -U <local file>).
just some thoughts.. if you built a package yourself, you can also just sign it and verify the signature when installing. though this is a bit more computationally intensive... also, what if somebody sends you a package by mail or through some other medium than http? then it will also be the '-U <local file>' case but very different from the other '-U <local file>' case where you built yourself. Dieter