Mailinglist Archive: opensuse-factory (242 mails)

[Wolfgang Woehl <tito@xxxxxxxxxx>]

Donnerstag, 1. November 2007 Michal Marek:
> Wolfgang Woehl wrote:
> > Dienstag, 30. Oktober 2007 Marcus Meissner:
> > > A good trust management for keys was requested for several releases now,
> > > but has not happened so far.
> >
> > Where can you even review which keys yast/zypper uses?
>
> rpm -qi gpg-pubkey | less
> (these are keys imported into the rpm db, but they'll usually match
> those used to sign the repos).
>
> find /var/lib/zypp/ -name  '*.key' | xargs  -L 1 gpg
> are the keys used by zypp.

Hi Michal,
        So, please correct me if I'm wrong, in order to link, say, the packman 
key I 
have in rpmdb to some factual trust information like packman's website I have 
to

1. rpm -qi gpg-pubkey > rpmdb-signing_keys.txt (I don't see how you can 
fingerprint these with rpm so you need to ...)
2. gpg --import rpmdb-signing_keys.txt
3. gpg --fingerprint

in the console?

There is no way in yast to do this. Which leaves the majority of people with 
the non-choice of accepting a key they cannot check in order to install a 
package.

Why do I have the feeling that I must be missing something here? That this 
just cannot be?

Wolfgang
---------------------------------------------------------------------
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-factory+help@xxxxxxxxxxxx