Bug 133985 - RFE: list unsigned packages; batch interact when all downloaded
Summary: RFE: list unsigned packages; batch interact when all downloaded
Keywords:
Status: CLOSED CANTFIX
Alias: None
Product: Fedora
Classification: Fedora
Component: up2date
Version: 3
Hardware: i386
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Bret McMillan
QA Contact: Fanny Augustin
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2004-09-28 20:30 UTC by John Reiser
Modified: 2007-11-30 22:10 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2006-10-29 15:10:19 UTC
Type: ---
Embargoed:


Description John Reiser 2004-09-28 20:30:45 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040928
Firefox/0.10

Description of problem:
Currently up2date-gnome demands immediate interaction if a package is
unsigned when up2date is checking package signatures.  There should be
an option just to list unsigned packages in a scrolling list box, then
deal with the list after all packages have been downloaded.  This
would be more convenient for the user than having to interact online
immediately as each unsigned package is encountered.  It would be nice
if there were options to accept all packages in the list even though
unsigned, or to discard them all (and continue the remaining up2date
processing as much as possible), or to choose the fate of each
unsigned package individually.  But even if the only choice was to
accept all (and continue), or to abandon any further processing, this
would still be more convenient because it allows "batch" downloading,
rather than the current situation of requiring that the user "spoon
feed" the download as soon as each unsigned package arrives.


Version-Release number of selected component (if applicable):
up2date-gnome-4.3.40-1

How reproducible:
Always

Steps to Reproduce:
1. up2date several unsigned packages in one session.

Actual Results:  Download stops after each unsigned package, with a
dialog "<package> is not signed with a GPG signature" and options
Continue [accept unsigned package] or Quit [entire session].

Expected Results:  The names of unsigned packages dribble into a
scrollable list box, but downloading continues (without requiring user
interaction at each package.)  When downloading is all finished, then
up2date should query the user what to do with the list of unsigned
packages.

Additional info:

Comment 1 Jan Newmarch 2005-09-28 12:44:53 UTC
In asking for confirmation, selecting No to "the package XXX is not signed.
Continue?" aborts the entire update. While going click-click-click in tedious
interactive mode and not paying much attention, one package had a very long
name, so No appeared where previously Yes had. Took me a couple of weeks to get
around to working that out, by which time there were so many updates that it has
taken me three days of reading emails (click-click), surfing the web
(click-click), etc (click-click). I REALLY support anything that could turn this
into a batch-mode process.

Comment 2 John Reiser 2005-09-28 14:15:02 UTC
The workaround is to change to "useGPG=0" in /etc/sysconfig/rhn/up2date .  This
is "obvious" if you understand the inner workings of up2date, but not evident to
the casual user.  It also discards signing security entirely, instead of letting
you benefit from as much signing as there is, and then deal with unsigned
packages as a separate group (instead of one-at-a-time.)
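
The approach Comment 2 describes (keep signature checking on, then handle the unsigned packages as one group), as an added example that is not part of this bug report or of up2date's code. It assumes the `rpm -K` summary lines printed by rpm 4.14 and later; the function names, policy names and sample file names are hypothetical.

```shell
#!/bin/sh
# Added example: sort `rpm -K` results into groups after the whole download,
# instead of prompting once per unsigned package.
# Assumed input format (rpm 4.14+ summary lines):
#   <file>: digests signatures OK   -> signature present and verified
#   <file>: digests OK              -> no signature in the package
#   <file>: ... NOT OK              -> failed or unverifiable (e.g. missing key)

# classify_checksig: read `rpm -K` lines on stdin, print "<class> <file>".
classify_checksig() {
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        file=${line%%: *}      # text before the first ": "
        status=${line#*: }     # text after the first ": "
        case "$status" in
            *"NOT OK"*)         echo "bad $file" ;;
            *signatures*" OK")  echo "signed $file" ;;
            *" OK"|OK)          echo "unsigned $file" ;;
            *)                  echo "bad $file" ;;  # unknown text: fail closed
        esac
    done
}

# batch_decide POLICY: read classified lines, print the files to install.
# POLICY applies to the unsigned group only: accept-all | discard-all.
# Verified packages are always kept; "bad" packages are never installed.
batch_decide() {
    policy=$1
    while read -r class file; do
        case "$class:$policy" in
            signed:*|unsigned:accept-all) echo "$file" ;;
        esac
    done
}

# Constructed sample output (package names are made up for illustration).
SAMPLE_OUTPUT='alpha-1.0-1.noarch.rpm: digests signatures OK
beta-2.1-3.i386.rpm: digests OK
gamma-0.9-2.i386.rpm: digests SIGNATURES NOT OK
delta-4.0-1.noarch.rpm: digests OK'

# Real use (hypothetical download directory):
#   rpm -K ./downloads/*.rpm | classify_checksig > verdicts.txt
#   grep '^unsigned ' verdicts.txt          # show the deferred list once
#   batch_decide discard-all < verdicts.txt # then apply one decision
```

Unlike `useGPG=0`, this keeps verification on for every package that does carry a signature, and a package whose signature fails is never treated as merely unsigned.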

Comment 3 Matthew Miller 2006-07-10 23:40:18 UTC
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!


Comment 4 John Thacker 2006-10-29 15:10:19 UTC
Closing per lack of response to previous comment.  If this still occurs on FC3
or FC4 and is a security issue, please assign to Fedora Legacy and the
appropriate version.  The bug could also be filed against RHEL if it is relevant
there.

up2date has been replaced by pirut and pup in FC5 and FC6, the still fully
supported versions of Fedora Core, so this bug will not be fixed unless it is a
security issue.

