Why don't you simply accept (press p) the new key? :-)
Because I want to know if that is the correct procedure!
If I accept as valid a changed certificate with no (independent) validation, there is no security at all. I might as well be using telnet or plain http.
Perhaps the correct thing is to add a master certificate to /etc/ssl/certs and consider Novell as a valid CA. Or perhaps Novell should buy a certificate. I dunno.
I dunno. So I ask. This is an enterprise level server, it is not mine, and I don't want to do anything wrong. There is a responsibility. I prefer to ask first and be told what to do.
But changing a certificate from under our feet, without been told, and after much insistence, learning that I should accept for ever the certificate after comparing the fingerprint to the fingerprint posted in a wiki... a wiki, by definition, can be changed by anyone.
It doesn't feel right.
Maybe I'm too paranoid. Or too security conscious.
Hehe, we are not speaking of closed code, or of secrets things, but of translations. The worst it can happen is that you need to go back in time through SVN, in case you make a mistake. So, don't worry, and accept the certificate. As explained on bugzilla, it's the right choice. :-) Regards, Alberto --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-translation+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-translation+help@opensuse.org