[Rpm-maint] [rpm-software-management/rpm] RFE: add an override to allow installing content flagged "untrusted" (Issue #2630)
Panu Matilainen
notifications at github.com
Wed Aug 23 10:58:15 UTC 2023
Previously discussed in various different contexts, most recently https://github.com/rpm-software-management/rpm-sequoia/issues/46:
We now return RPMRC_UNTRUSTED for some content, such as packages relying on legacy crypto. This is not considered an error for installed packages because that will not make the "bad" package go away, only makes it unnecessarily hard to remove or upgrade away from, but we flatly refuse to install such content. In many cases it would be preferable to just allow that legacy content to be installed without giving up *all* signature checking with --nosignature.
We should add a config and/or transaction flag to allow installing packages returning RPMRC_UNTRUSTED, both to rpm cli and the API for depsolver etc use.
--
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2630
You are receiving this because you are subscribed to this thread.
Message ID: <rpm-software-management/rpm/issues/2630 at github.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.rpm.org/pipermail/rpm-maint/attachments/20230823/82d1b382/attachment.html>
More information about the Rpm-maint
mailing list