Bug 113658 - RFE: Better error message when installing packages not signed by trusted key
Status: CLOSED DEFERRED
Product: Red Hat Enterprise Linux 3
Classification: Red Hat
Component: rpm
Version: 3.0
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Assigned To: Jeff Johnson
Mike McLean
Keywords: FutureFeature
Reported: 2004-01-16 00:33 EST by Mike MacCana
Modified: 2007-11-30 17:07 EST
Doc Type: Enhancement
Last Closed: 2004-01-16 10:30:10 EST
Description Mike MacCana 2004-01-16 00:33:25 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (compatible; Konqueror/3.1; Linux)

Description of problem:
When installing a package that's not signed by an organization whose public key has been imported into RPM, a message like the following pops up:

"warning: foobar-3.5-1.i386.rpm: V3 DSA signature > NOKEY, key ID 34ab95ba"

I'm a contract RHCX, and I notice that a lot of experienced customers find this warning confusing. Could it be replaced by, or be accompanied by, something more decipherable?

"warning: package not signed by organization with trusted signature" might be a good start.

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1. Install a package not signed by an organization whose public key is trusted by RPM

Additional info:

Comment 1 Jeff Johnson 2004-01-16 10:30:10 EST
There's more than text that needs change, as rpm signatures
have only a primitive and ill-defined concept of trust atm.

Currently it's up to the user to import keys; existence (or lack
thereof) of the key is the only mechanism.

Adding terms like "organization" and "trusted" will only muddle
and confuse issues regarding pubkey management imho. The plan
is to distribute and import public keys in packages.

Yes, the message is pugly and nerdy, will be fixed as rpm
starts to get a better definition for trust.

Deferred until then.
