Donnerstag, 1. November 2007 Michal Marek:
Wolfgang Woehl wrote:
Dienstag, 30. Oktober 2007 Marcus Meissner:
A good trust management for keys was requested for several releases now, but has not happened so far.
Where can you even review which keys yast/zypper uses?
rpm -qi gpg-pubkey | less (these are keys imported into the rpm db, but they'll usually match those used to sign the repos).
find /var/lib/zypp/ -name '*.key' | xargs -L 1 gpg are the keys used by zypp.
Hi Michal, So, please correct me if I'm wrong, in order to link, say, the packman key I have in rpmdb to some factual trust information like packman's website I have to 1. rpm -qi gpg-pubkey > rpmdb-signing_keys.txt (I don't see how you can fingerprint these with rpm so you need to ...) 2. gpg --import rpmdb-signing_keys.txt 3. gpg --fingerprint in the console? There is no way in yast to do this. Which leaves the majority of people with the non-choice of accepting a key they cannot check in order to install a package. Why do I have the feeling that I must be missing something here? That this just cannot be? Wolfgang --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org