## download.media_preference = download
##
-## Signature checking (repodata and rpm packages)
+## Signature checking (repo metadata and downloaded rpm packages)
##
## boolean gpgcheck (default: on)
## boolean repo_gpgcheck (default: unset -> according to gpgcheck)
## boolean pkg_gpgcheck (default: unset -> according to gpgcheck)
##
-## If 'gpgcheck' is 'on' we will either check the signature of repo metadata
-## (packages are secured via checksum in the metadata), or the signature of
-## an rpm package to install if it's repo metadata are not signed or not
-## checked.
-##
-## The default behavior can be altered by explicitly setting 'repo_gpgcheck' and/or
-## 'pkg_gpgcheck' to perform those checks always (if 'on') or never (if 'off').
-##
## Explicitly setting 'gpgcheck', 'repo_gpgcheck' 'pkg_gpgcheck' in a
-## repositories .repo file will overwrite the defaults here.
+## repositories .repo file will overwrite the defaults for this specific
+## repo.
+##
+## If 'gpgcheck' is 'on' (the default) we will check the signature of repo metadata
+## (packages are secured via checksum inside the metadata). Using unsigned repos
+## needs to be confirmed.
+## Packages from signed repos are accepted if their checksum matches the checksum
+## stated in the repo metadata.
+## Packages from unsigned repos need a valid gpg signature, using unsigned packages
+## needs to be confirmed.
+##
+## The above default behavior can be tuned by explicitly setting 'repo_gpgcheck'
+## and/or 'pkg_gpgcheck':
+##
+## 'repo_gpgcheck = on' same as the default.
+##
+## 'repo_gpgcheck = off' will silently accept unsigned repos. It will NOT turn off
+## signature checking on the whole, nevertheless it's not a secure setting.
+##
+## 'pkg_gpgcheck = on' will enforce the package signature checking and the need
+## to confirm unsigned packages for all repos (signed and unsigned).
+##
+## 'pkg_gpgcheck = off' will silently accept unsigned packages. It will NOT turn off
+## signature checking on the whole, nevertheless it's not a secure setting.
+##
+## If 'gpgCheck' is 'off' (not recommended), no checks are performed. You can still
+## enable them individually by setting 'repo_gpgcheck' and/or 'pkg_gpgcheck' to 'on'.
+##
+## NOTE:
+## BSC#1038984: For a short period of time, libzypp-16.15.x
+## will silently accept unsigned packages IFF a repositories gpgcheck
+## configuration is explicitly turned OFF like this:
+## gpgcheck = 0
+## repo_gpgcheck = 0
+## pkg_gpgcheck = 1
+## This will allow some already released products to adapt to the behavioral
+## changes introduced by fixing BSC#1038984, while systems with a default
+## configuration (gpgcheck = 1) already benefit from the fix in libzypp-16.15.x.
+## With libzypp-16.16.x the above configuration will reject unsigned packages
+## as it is supposed to do.
##
## DISABLING GPG CHECKS IS NOT RECOMMENDED.
## Signing data enables the recipient to verify that no modifications
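Review bot: the new line "If 'gpgCheck' is 'off' (not recommended), no checks are performed" spells the option as 'gpgCheck' while every other line in this block (and the key a user actually writes in zypp.conf) is 'gpgcheck'; since these comments double as the documentation for the exact key name, change it to 'gpgcheck'. Two grammar nits in the added text: "a repositories .repo file" and "a repositories gpgcheck configuration" should read "a repository's". More substantively, the BSC#1038984 NOTE documents a transitional behaviour (unsigned packages silently accepted with gpgcheck = 0, repo_gpgcheck = 0, pkg_gpgcheck = 1) that directly contradicts the 'pkg_gpgcheck = on' paragraph a few lines above, which promises enforcement "for all repos (signed and unsigned)"; suggest opening the NOTE with an explicit statement that this is a deliberate, temporary exception limited to libzypp-16.15.x, and marking it for removal once the 16.16.x behaviour described in its last sentence ships, so readers do not mistake the exception for the general rule.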