Red Hat Bugzilla – Bug 33112
``not signed with GPG signature'' dialog needs a ``Yes to all'' button
Last modified: 2015-01-07 18:44:36 EST
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux 2.4.0 i686; en-US; 0.8) Gecko/20010215
Apparently, many of the wolverine updates do not have GPG signatures
associated with the packages. This doesn't really bother me, but being
prompted "The package foo is not signed with a GPG signature. Continue?"
for *every* package foo is most annoying and makes it impossible to let
up2date retrieve packages unattended.
IMO, it would be most useful if an additional "Yes to all" button were
added to this dialog.
Steps to Reproduce:
1.Start up2date on a wolverine system which has not been upgraded to
2.Select the XFree86 packages to be updated.
3.Start the update. Observe the message which asks if it is okay to
continue without a GPG signature.
4. Note that the yes button needs to be pressed for each such message,
making it impossible to let up2date download the packages unattended.
Here's an additional annoyance associated with this bug... If you are using
the keyboard to attempt to get other work done while up2date is retrieving
the packages and the "...is not signed with a GPG signature" message pops
up while you are typing, pressing a space will trigger the selected button
in this dialog (which is "No") and the update will be terminated.
I just noticed that ``up2date --configure'' allows me to disable GPG checking
altogether. I still think it'd be nice to have a means to disable it "on the
fly" for only a single session.
*** Bug 32104 has been marked as a duplicate of this bug. ***
If you want to say yes to some and no to others.... program exists. There needs
to be a "Skip" just tbis package option.
"Skip" is nice, but I guess it would be much harder to implement properly (what
if the package you've skipped breaks some dependency?).
"Yes to all", OTOH should be very easy to implement. Are you sure this is
"priority: low"? IMHO this problem is pretty annoying.
From the commandline, you can pass '--nosig' which will allow you to retrieve
packages without checking the GPG signature, even if the config is set to check
This isnt too much of an issue these days, and
I'm somewhat opposed to a "yes to all" in the gui for this anyway,
so closing this bug.