Stephan Kleine wrote:
> I want a way that allows me to say to get PackageX only from RepoY and nowhere else, without switching it to some other repo just because it happens to be signed by the same PGP key.
> The possibility of packages getting switched to another repo without confirmation is IMHO a security hole, and the whole discussion wouldn't have been necessary if you just used unique vendors (_not_ PGP keys) per repo.
> And, considering that it would still be possible for repos to use the same vendor _if chosen on purpose_ instead of by default, I honestly fail to see a single reason that makes this behavior impossible or inconvenient.
I guess the bug or missing feature you are trying to report is that all subprojects of e.g. home:$USER have the same vendor. There's an API call to change the GPG key of subprojects but none to change the vendor. Furthermore, you are suggesting to change the default of having the same vendor for all subprojects to having separate vendors for all subprojects. Correct?

I don't get the part about security though. The repo trust setting is all or nothing. You can't only trust individual packages from a repo. Sure, vendor stickiness prevents exchanging already installed packages, but that's not really a security feature. An enabled, yet untrusted repo could still install arbitrary packages via e.g. Enhances tags.

cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
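To make the point of the exchange concrete, here is a small Python model of the vendor-stickiness rule the two are arguing about. It is an added illustration written for this page, not libzypp or OBS code, and it deliberately simplifies the solver to three rules: only newer versions are considered, the vendor string must match the installed package unless vendor changes are allowed, and among the rest the repository with the better (lower) priority wins. The package names, repo aliases and OBS-style vendor strings are constructed sample data. It shows why a shared vendor across home:$USER subprojects lets an update silently come from a sibling repo, why a per-subproject vendor would block that, and why neither mechanism is a per-package trust decision.

```python
"""Simplified model of libzypp's vendor-stickiness rule (added illustration,
not libzypp or OBS code). Stickiness compares nothing but the vendor string,
so two repositories sharing a vendor are interchangeable update sources."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Package:
    name: str
    version: tuple          # comparable version tuple, e.g. (1, 1)
    vendor: str             # RPM Vendor tag of the package
    repo: str               # alias of the repository it comes from
    priority: int = 99      # repo priority; zypper's default is 99, lower wins


def pick_update(installed: Package, candidates: list[Package],
                allow_vendor_change: bool = False) -> Optional[Package]:
    """Return the candidate this toy solver would install, or None.

    Rules modelled:
      * only newer versions of the same package name are considered
      * unless allow_vendor_change is set, the vendor must equal the
        installed package's vendor (vendor stickiness)
      * the remaining candidate from the repo with the best (lowest)
        priority wins, ties broken by highest version
    """
    newer = [c for c in candidates
             if c.name == installed.name and c.version > installed.version]
    if not allow_vendor_change:
        newer = [c for c in newer if c.vendor == installed.vendor]
    if not newer:
        return None
    return min(newer, key=lambda c: (c.priority, tuple(-x for x in c.version)))


# Constructed sample data. The vendor strings only mimic the shape of OBS
# vendor tags (an assumption for illustration, not taken from a real build).
SHARED_VENDOR = "obs://build.opensuse.org/home:user"

installed_foo = Package("foo", (1, 0), SHARED_VENDOR, "home_user")
# A subproject that inherited the parent project's vendor (today's default).
same_vendor_subproject = Package("foo", (1, 1), SHARED_VENDOR, "home_user_Test")
# The same subproject if it carried its own vendor, as Stephan asks for.
own_vendor_subproject = Package("foo", (1, 1),
                                "obs://build.opensuse.org/home:user:Test",
                                "home_user_Test")
# A newer build in the original repo, which has been given a better priority.
newer_in_main = Package("foo", (1, 1), SHARED_VENDOR, "home_user", priority=50)


def scenario_shared_vendor() -> str:
    """All subprojects share one vendor: the update comes from the sibling repo."""
    chosen = pick_update(installed_foo, [same_vendor_subproject])
    return chosen.repo if chosen else "no update"


def scenario_unique_vendor() -> str:
    """Unique vendor per subproject: stickiness refuses the repo switch."""
    chosen = pick_update(installed_foo, [own_vendor_subproject])
    return chosen.repo if chosen else "no update"


def scenario_repo_priority() -> str:
    """Same vendor in both repos, but home_user has the better priority."""
    chosen = pick_update(installed_foo, [same_vendor_subproject, newer_in_main])
    return chosen.repo if chosen else "no update"


def scenario_vendor_change_allowed() -> str:
    """With vendor changes allowed, stickiness no longer restricts anything."""
    chosen = pick_update(installed_foo, [own_vendor_subproject],
                         allow_vendor_change=True)
    return chosen.repo if chosen else "no update"


if __name__ == "__main__":
    for fn in (scenario_shared_vendor, scenario_unique_vendor,
               scenario_repo_priority, scenario_vendor_change_allowed):
        print(f"{fn.__name__}: {fn()}")
```

Note what the model does not do: none of its inputs is a trust decision about a single package. Stickiness and priority only steer which enabled repository supplies an update; a repository that is enabled at all still contributes every package it carries, which is the all-or-nothing point made in the reply.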