Mailinglist Archive: opensuse-buildservice (339 mails)

< Previous Next >
Re: GPG keys not on public servers was Re: [opensuse-buildservice] Missing public key with 'yum install' from my home project
  • From: Adrian Schröter <adrian@xxxxxxx>
  • Date: Thu, 6 Mar 2008 08:33:02 +0100
  • Message-id: <200803060833.02900.adrian@xxxxxxx>
On Thursday 06 March 2008 08:03:57 wrote Boyd Lynn Gerber:

The work around for local build is the --no-verify, which in my opinion is
a security risk. I would really like to have the keys.

You may make want to make a feature request in bugzilla to download the key
automatically in osc when starting the build.

However, I am not sure if that might be a security risk as well, since you
usually do trust this repo as well and it can take over your system (if you
do not build with XEN). But there is no difference compared to automatic
downloading the key from a keyserver and accepting it.



Adrian Schroeter
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
email: adrian@xxxxxxx

To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-buildservice+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups