On Mon, Oct 29, 2007 at 10:44:56PM +0100, Wolfgang Woehl wrote: > Hi, > > I still have a factory box sitting around -- because it is such fun. After > a "zypper update -t package" sysinfo:/ has it as "openSUSE 10.3.1 (i586) > Alpha0". > > I just did "zypper install htop" and got this: > > Aktualisiere '10.3 - Update Repository' > Möchten Sie diesem Schlüssel A84EDAE89C800ACA, SuSE Package Signing Key > <[EMAIL PROTECTED]>, Fingerabdruck 79C179B2E1C820C1890F9994A84EDAE89C800ACA > vertrauen? [ja/nein] > > Which is german for "Would you like to trust this key?" and then > > Schlüssel A84EDAE89C800ACA zu den vertrauenswürdigen Schlüsseln hinzufügen? > [ja/nein] > > Which means "Add key to trusted keys?" > > Same thing with the repositories 'FACTORY - Mozilla' and 'FACTORY - > KDE:Community'. > > So the chain of trust here is built by a script just asking? What was the > security in this again? Would someone care to enrich this a tad for the > upcoming 11.0? Like a note on how and where to check a new key? > > Irritated, but hey: "No risk no fun" is what all dead rockstars said. > Wolfgang
The [EMAIL PROTECTED] is on the actual 10.3 media and the above code should not ask for it. There were bugs in 10.3 Beta versions that still did though. The openSUSE buildservice key needs to be imported though, it can be found on the website of the buildservice. A good trust management for keys was requested for several releases now, but has not happened so far. ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
