https://bugzilla.novell.com/show_bug.cgi?id=367666
User lnussel@novell.com added comment
https://bugzilla.novell.com/show_bug.cgi?id=367666#c4
--- Comment #4 from Ludwig Nussel 2008-03-07 02:14:18 MST ---
The build script itself doesn't care about signatures, It just assumes that
everything it gets is already verified. So all the magic is done by osc. It
should just behave like e.g. zypper. Ie download the key, show the fingerprint
and ask the user whether to trust it.
qemu does not protect against intentionally malicious code either. I already
have qemu (and uml) support in lbuild nevertheless though.
--
Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.