Good we agree: I wasn't expecting that answer (and these are hard questions).
In reality --nosignatures/--nodigests is used in too many places to
just rip out. However, signature checking has to become a
per-system policy, not per-invocation, as part of a rational
(in the sense of a security audit) policy-based configuration
scheme for verifying the installed software.
And --nofsync (which changes rpmdb behavior) is also pending
for review revisiting the reliability <-> performance tradeoffs
with "RPM ACID" behavior.
There are blueprints for each somewhere here ...