[12.Eyl.07 15:43 -0400] seth vidal:
On Wed, 2007-09-12 at 21:42 +0200, Nicolas Mailhot wrote:
I hope yum has a check somewhere to forbid installation of unknown default-on repositories.
how on earth would yum know? Do you want yum to have special behavior if it detects a .repo file?
Not for .repo files, but it would be nice to check for GPG keys it installs.
If you cannot trust the repo then don't use it.
Building a chain of trust that way looks wrong.