Hi. Disable signed repos if the user does not trust the key? It's IMO a valid request as the user actively prevents the repo from being used. Or shall we continue to nag the user about trusting the key on every refresh? The question is whether this default should be implemented in libzypp, or if it is something the application should explicitly ask for: Trust key? [ ] Once [ ] Always (import) [X] No [X] not now (ask again on next refresh) [ ] maybe later (disable the repository) [ ] never (delete the repository) Or shall we introduce some zconf option RepoWithUntrustedKey = [nag|disable|delete] -- cu, Michael Andres +------------------------------------------------------------------+ Key fingerprint = 2DFA 5D73 18B1 E7EF A862 27AC 3FB8 9E3A 27C6 B0E4 +------------------------------------------------------------------+ Michael Andres YaST Development ma@novell.com SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg) Maxfeldstrasse 5, D-90409 Nuernberg, Germany, ++49 (0)911 - 740 53-0 +------------------------------------------------------------------+ -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org