Mailinglist Archive: opensuse-security (408 mails)
| < Previous | Next > |
why does SuSE once in a while offer unsigned RPMs ?
- From: malte_gell@xxxxxxxxxxx (Malte Gell)
- Date: Sun, 14 Apr 2002 19:19:03 +0200
- Message-id: <16wng7-0NypRQC@xxxxxxxxxxxxxxxxxxxxxx>
hi there,
just downloaded the KDE3 update for SuSE 7.3 when I saw that (at least)
kdelibs3-3.0-35.rpm is not signed with the Package Signing Key.
It makes me feel a bit nervous when I should install unsigned packages even
if obtained directly from ftp.suse.com or ftp.gwdg.de, it was the same with
some KDE 2.2.2 packages for SuSE 7.3, I have informed security@xxxxxxx about
this with KDE2 packages.
It would be nice if you would take signing more seriously and if you would
check each package whether it is actually signed before offering it, no
matter if it's just a KDE update or "official stuff" below
.../i386/update/x.xx/
Malte
just downloaded the KDE3 update for SuSE 7.3 when I saw that (at least)
kdelibs3-3.0-35.rpm is not signed with the Package Signing Key.
It makes me feel a bit nervous when I should install unsigned packages even
if obtained directly from ftp.suse.com or ftp.gwdg.de, it was the same with
some KDE 2.2.2 packages for SuSE 7.3, I have informed security@xxxxxxx about
this with KDE2 packages.
It would be nice if you would take signing more seriously and if you would
check each package whether it is actually signed before offering it, no
matter if it's just a KDE update or "official stuff" below
.../i386/update/x.xx/
Malte
| < Previous | Next > |