On Mi, 2010-06-02 at 11:26 +0200, Goswin von Brederlow wrote: > Any objections to the proposed design for this feature? > > - deb [key=0x1AB52325534,0x3475BDF478] ... > Only accept signatures by one of the listed fingerprints Sounds good.
> > - deb [keyring=foobar.gpg] ... > Use foobar.gpg to verify the signatures and only foobar.gpg. What kinds of file names are supported: a) absolute paths b) files relative to /usr/share/keyrings/ Do we want to do permission checks on those files (i.e. only accept files not writeable by normal users)? > > deb [trust=always|never] .... > Ignore the Release signature and just always or never trust the > source. "always" would be for file:// or sources on the local > network where you don't care if it is unsigned. "never" would be for > repositories you want to always be asked before they are used and > which should not replace packages from more trusted repositories. Let's add trust=moo, which let's a cow ask you whether you trust this source... BTW, Wasn't this all part of vendors.list sometime ago (I don't know whether it was, it's not used anymore; and was not in use when I started using Debian). -- Julian Andres Klode - Debian Developer, Ubuntu Member See http://wiki.debian.org/JulianAndresKlode and http://jak-linux.org/. -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]

