Bug 133985 - RFE: list unsigned packages; batch interact when all downloaded
RFE: list unsigned packages; batch interact when all downloaded
Status: CLOSED CANTFIX
Product: Fedora
Classification: Fedora
Component: up2date (Show other bugs)
3
i386 Linux
medium Severity medium
: ---
: ---
Assigned To: Bret McMillan
Fanny Augustin
: FutureFeature
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2004-09-28 16:30 EDT by John Reiser
Modified: 2007-11-30 17:10 EST (History)
1 user (show)

See Also:
Fixed In Version:
Doc Type: Enhancement
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2006-10-29 10:10:19 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:


Attachments (Terms of Use)

  None (edit)
Description John Reiser 2004-09-28 16:30:45 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; rv:1.7.3) Gecko/20040928
Firefox/0.10

Description of problem:
Currently up2date-gnome demands immediate interaction if a package is
unsigned when up2date is checking package signatures.  There should be
an option just to list unsigned packages in a scrolling list box, then
deal with the list after all packages have been downloaded.  This
would be more convenient for the user than having to interact online
immediately as each unsigned package is encountered.  It would be nice
if there were options to accept all packages in the list even though
unsigned, or to discard them all (and continue the remaining up2date
processing as much as possible), or to choose the fate of each
unsigned package individually.  But even if the only choice was to
accept all (and continue), or to abandon any further processing, this
would still be more convenient because it allows "batch" downloading,
rather than the current situation of requiring that the user "spoon
feed" the download as soon as each unsigned package arrives.


Version-Release number of selected component (if applicable):
up2date-gnome-4.3.40-1

How reproducible:
Always

Steps to Reproduce:
1. up2date several unsigned packages in one session.
2.
3.
    

Actual Results:  Download stops after each unsigned package, with a
dialog "<package> is not signed with a GPG signature" and options
Continue [accept unsigned package] or Quit [entire session].

Expected Results:  The names of unsigned packages dribble into a
scrollable list box, but downloading continues (without requiring user
interaction at each package.)  When downloading is all finished, then
up2date should query the user what to do with the list of unsigned
packages.

Additional info:
Comment 1 Jan Newmarch 2005-09-28 08:44:53 EDT
In asking for conmfirmation, selecting No to "the package XXX is not signed.
Continue?" aborts the entire update. While going click-click-click in tedious
interactive mode and not paying much attention, one package had a very long
name, so No appeared where previously Yes had. Took me a couple of weeks to get
around to working that out, by which time there were so many updates that it has
taken me three days of reading emails (click-click), surfing the web
(click-click), etc (click-click). I REALLY support anything that could turn this
into a batch-mode process.
Comment 2 John Reiser 2005-09-28 10:15:02 EDT
The workaround is to change to "useGPG=0" in /etc/sysconfig/rhn/up2date .  This
is "obvious" if you understand the inner workings of up2date, but not evident to
the casual user.  It also discards signing security entirely, instead of letting
you benefit from as much signing as there is, and then deal with unsigned
packages as a separate group (instead of one-at-a-time.)
Comment 3 Matthew Miller 2006-07-10 19:40:18 EDT
Fedora Core 3 is now maintained by the Fedora Legacy project for security
updates only. If this problem is a security issue, please reopen and
reassign to the Fedora Legacy product. If it is not a security issue and
hasn't been resolved in the current FC5 updates or in the FC6 test
release, reopen and change the version to match.

Thank you!
Comment 4 John Thacker 2006-10-29 10:10:19 EST
Closing per lack of response to previous comment.  If this still occurs on FC3
or FC4 and is a security issue, please assign to Fedora Legacy and the
appropriate version.  The bug could also be filed against RHEL if it is relevant
there.

up2date has been replaced by pirut and pup in FC5 and FC6, the still fully
supported versions of Fedora Core, so this bug will not be fixed unless it is a
security issue.

Note You need to log in before you can comment on or make changes to this bug.