On Mon, 2025-03-10 at 16:42 +0100, Florian Weimer wrote:
> > * The most noticeable change is that RPM now refuses to install
> > packages whose signature hasn't been positively verified, whether due
> > to being unsigned, missing key or otherwise. This can be worked around
> > by supplying `--nosignature` on the command line, or more permanently,
> > changing the `%_pkgverify_level` macro to the former default of
> > `digest`, but these should be only temporary measures, users are
> > encouraged to import necessary keys and/or setup automatic signing for
> > their (local) builds instead.
> 
> Does this impact installations via “dnf install”?

I would assume so, since rpm is still under dnf in the end.

> What's the impact on typical Fedora CI tests?

We would need to make sure the CI systems download signed packages,
somehow. AFAIK they currently don't. openQA certainly doesn't.

I've been working on https://github.com/fedora-infra/bodhi/pull/5859 to
help with this, but there turned out to be some subtleties that I
didn't have time to deal with yet (and then I went on vacation).
-- 
Adam Williamson (he/him/his)
Fedora QA
Fedora Chat: @adamwill:fedora.im | Mastodon: @ad...@fosstodon.org
https://www.happyassassin.net




-- 
_______________________________________________
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

Reply via email to