On Mon, Oct 08, 2007 at 02:12:02PM +0200, Aniruddha wrote: > Hi Joe, > > Thank you for your answers! > > May I conclude that is is safe to accept gnupg keys from repositories in > yast2 -> Community Repositories ? > > What do you mean with "the packages... are signed and checked > independently"? Does this mean the repo owner checks the packages for > vulnerabilities and yast only checks if the contents matches with the > signature of the repo owner? > > > Which trusted sources for (source) rpm's do you recommend?
The community packages are provided ... by our community. So in the end you have to decide how much you trust our judgement to decide on good community members.;) The repository owner is responsible for the security fixes, SUSE Security does that only for the official SUSE repositories. Ciao, Marcus -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
