Bug 113658

Summary: RFE: Better error message when installing packages not signed by trusted key
Product: Red Hat Enterprise Linux 3
Component: rpm
Version: 3.0
Hardware: All
OS: Linux
Status: CLOSED DEFERRED
Severity: medium
Priority: medium
Keywords: FutureFeature
Doc Type: Enhancement
Reporter: Mike MacCana <mmaccana>
Assignee: Jeff Johnson <jbj>
QA Contact: Mike McLean <mikem>
CC: msw
Last Closed: 2004-01-16 15:30:10 UTC

Description Mike MacCana 2004-01-16 05:33:25 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; Linux)

Description of problem:
When installing a package that's not signed by an organization whose public key has been imported into RPM, a message like the following pops up:

"warning: foobar-3.5-1.i386.rpm: V3 DSA signature > NOKEY, key ID 34ab95ba"

I'm a contract RHCX, and I notice that a lot of experienced customers find this warning confusing. Could it be replaced by, or be accompanied by, something more decipherable?

"warning: package not signed by organization with trusted signature" might be a good start.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install a package not signed by an organization whose public key is trusted by RPM

Additional info:

Comment 1 Jeff Johnson 2004-01-16 15:30:10 UTC
There's more than text that needs change, as rpm signatures
have only a primitive and ill-defined concept of trust atm.

Currently it's up to the user to import keys; existence (or lack
thereof) of the key is the only mechanism.

Adding terms like "organization" and "trusted" will only muddle
and confuse issues regarding pubkey management imho. The plan
is to distribute and import public keys in packages.

Yes, the message is pugly and nerdy, will be fixed as rpm
starts to get a better definition for trust.

Deferred until then.
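
An added example, not part of the bug report and not rpm's own code: a shell helper that turns the NOKEY warning into a plainer statement using only the presence or absence of the signing key, the single mechanism comment 1 describes. The function names and the sample keyring line are constructed for illustration; in real use the second argument would be the output of `rpm -q gpg-pubkey`, where imported keys appear as `gpg-pubkey-<keyid>-<timestamp>`.

```shell
#!/bin/sh
# Added example: explain rpm's NOKEY warning by checking whether the
# signing key ID is present in the rpm keyring. Names are hypothetical.

# Print the 8-hex-digit key ID from a NOKEY warning line, lowercased.
# Prints nothing if the line is not a NOKEY warning.
nokey_id() {
    printf '%s\n' "$1" |
        sed -n 's/.*NOKEY, key ID \([0-9A-Fa-f]\{8\}\).*/\1/p' |
        tr 'A-F' 'a-f'
}

# $1 = warning line from rpm
# $2 = newline-separated list of imported keys (`rpm -q gpg-pubkey` output)
# Returns 0 if the key is imported, 1 if it is missing, 2 if $1 is not
# a NOKEY warning.
explain_nokey() {
    id=$(nokey_id "$1")
    if [ -z "$id" ]; then
        echo "not a NOKEY warning"
        return 2
    fi
    # Imported public keys show up as packages named gpg-pubkey-<keyid>-<time>.
    if printf '%s\n' "$2" | grep -qi "^gpg-pubkey-$id-"; then
        echo "key $id is in the rpm keyring; the warning should not recur"
        return 0
    fi
    echo "package is signed with key $id, which has not been imported into rpm"
    return 1
}

# Warning text as quoted in the report; keyring entry is constructed.
SAMPLE_WARNING='warning: foobar-3.5-1.i386.rpm: V3 DSA signature > NOKEY, key ID 34ab95ba'
SAMPLE_KEYS='gpg-pubkey-0123abcd-3f000000'

explain_nokey "$SAMPLE_WARNING" "$SAMPLE_KEYS" || true
```

The message deliberately says "not imported" rather than "not trusted", since key presence is the only thing rpm checks here.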