RPM

Comment 11 for bug 911339

Jeff Johnson (n3npq) wrote :

Good, we agree: I wasn't expecting that answer (and these are hard questions).

In reality, --nosignatures/--nodigests is used in too many places to
just rip out. However, signature checking has to become a
per-system policy, not per-invocation, as part of a rational
(in the sense of a security audit) policy-based configuration
scheme for verifying the installed software.

And --nofsync (which changes rpmdb behavior) is also pending
review, revisiting the reliability <-> performance tradeoffs
with "RPM ACID" behavior.

There are blueprints for each somewhere here ...