On Thu, Nov 01, 2007 at 04:47:46PM +0100, Wolfgang Woehl wrote: > Donnerstag, 1. November 2007 Michal Marek: > > Wolfgang Woehl wrote: > > > Dienstag, 30. Oktober 2007 Marcus Meissner: > > >> A good trust management for keys was requested for several releases now, > > >> but has not happened so far. > > > > > > Where can you even review which keys yast/zypper uses? > > > > rpm -qi gpg-pubkey | less > > (these are keys imported into the rpm db, but they'll usually match > > those used to sign the repos). > > > > find /var/lib/zypp/ -name '*.key' | xargs -L 1 gpg > > are the keys used by zypp. > > Hi Michal, > So, please correct me if I'm wrong, in order to link, say, the packman > key I > have in rpmdb to some factual trust information like packman's website I have > to > > 1. rpm -qi gpg-pubkey > rpmdb-signing_keys.txt (I don't see how you can > fingerprint these with rpm so you need to ...) > 2. gpg --import rpmdb-signing_keys.txt > 3. gpg --fingerprint > > in the console? > > There is no way in yast to do this. Which leaves the majority of people with > the non-choice of accepting a key they cannot check in order to install a > package. > > Why do I have the feeling that I must be missing something here? That this > just cannot be?
The feature of implementing a Trust / Key Management module in YAST is mandatory from the Security Teams PoV for openSUSE 11.0. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]