Bug 113658 - RFE: Better error message when installing packages not signed by trusted key
Status: CLOSED DEFERRED
Alias: None
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: rpm
Version: 3.0
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Jeff Johnson
QA Contact: Mike McLean
Reported: 2004-01-16 05:33 UTC by Mike MacCana
Modified: 2007-11-30 22:07 UTC (History)
Doc Type: Enhancement
Last Closed: 2004-01-16 15:30:10 UTC


Description Mike MacCana 2004-01-16 05:33:25 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; Linux)

Description of problem:
When installing a package that's not signed by an organization whose public key has been imported into RPM, a message like the following pops up:

"warning: foobar-3.5-1.i386.rpm: V3 DSA signature > NOKEY, key ID 34ab95ba"

I'm a contract RHCX, and I notice that a lot of experienced customers find this warning confusing. Could it be replaced by, or be accompanied by, something more decipherable?

"warning: package not signed by organization with trusted signature" might be a good start.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install a package not signed by an organization whose public key is trusted by RPM

Additional info:

Comment 1 Jeff Johnson 2004-01-16 15:30:10 UTC
There's more than text that needs change, as rpm signatures
have only a primitive and ill-defined concept of trust atm.

Currently it's up to the user to import keys; existence (or lack
thereof) of the key is the only mechanism.

Adding terms like "organization" and "trusted" will only muddle
and confuse issues regarding pubkey management imho. The plan
is to distribute and import public keys in packages.

Yes, the message is pugly and nerdy, will be fixed as rpm
starts to get a better definition for trust.

Deferred until then.

