On Friday 28 November 2008 16:14:49 Jan Kupec wrote:
Michael Andres wrote:
Hi.
Disable signed repos if the user does not trust the key?
It's IMO a valid request as the user actively prevents the repo from being used. Or shall we continue to nag the user about trusting the key on every refresh?
Why not leave it to the user to remove the repo (zypper lr/rr, or in yast gui) before doing other operations?
Just beause it's convenient.
The question is whether this default should be implemented in libzypp, or if it is something the application should explicitly ask for:
Trust key?
[ ] Once [ ] Always (import)
[X] No [X] not now (ask again on next refresh) [ ] maybe later (disable the repository) [ ] never (delete the repository)
While it would be certainly nice to have the possibility to remove the repo right away, but i'm not sure whether such IMO little benefit would outweight the code effort (the callbacks, translations, handling etc..)
A callback is already in place, we ask for trust/import. We just have to add a variable for the repos fate.
+ some people might find it too complex or (paradoxically) annoying.
This is true for every dialog we offer ;) -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org