Hi,
I still have a factory box sitting around -- because it is such fun. After
a "zypper update -t package" sysinfo:/ has it as "openSUSE 10.3.1 (i586)
Alpha0".
I just did "zypper install htop" and got this:
Aktualisiere '10.3 - Update Repository'
Möchten Sie diesem Schlüssel A84EDAE89C800ACA, SuSE Package Signing Key
, Fingerabdruck 79C179B2E1C820C1890F9994A84EDAE89C800ACA
vertrauen? [ja/nein]
Which is german for "Would you like to trust this key?" and then
Schlüssel A84EDAE89C800ACA zu den vertrauenswürdigen Schlüsseln hinzufügen?
[ja/nein]
Which means "Add key to trusted keys?"
Same thing with the repositories 'FACTORY - Mozilla' and 'FACTORY -
KDE:Community'.
So the chain of trust here is built by a script just asking? What was the
security in this again? Would someone care to enrich this a tad for the
upcoming 11.0? Like a note on how and where to check a new key?
Irritated, but hey: "No risk no fun" is what all dead rockstars said.
Wolfgang
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org
For additional commands, e-mail: opensuse-factory+help@opensuse.org