Mailinglist Archive: opensuse (3752 mails)
| < Previous | Next > |
Re: [opensuse-security] Re: [opensuse] How do I keep openSUSE secure?
- From: Aniruddha <mailing_list@xxxxxxxxx>
- Date: Mon, 08 Oct 2007 14:28:02 +0200
- Message-id: <1191846482.3972.13.camel@xxxxxxxxxxxx>
Thanks for clarifying that :). Do you happen to know where I can manage
(verify, delete etc.) imported gnupg keys?
Thanks!
Regards,
Aniruddha
On Mon, 2007-10-08 at 14:22 +0200, Marcus Meissner wrote:
> On Mon, Oct 08, 2007 at 02:12:02PM +0200, Aniruddha wrote:
> > Hi Joe,
> >
> > Thank you for your answers!
> >
> > May I conclude that is is safe to accept gnupg keys from repositories in
> > yast2 -> Community Repositories ?
> >
> > What do you mean with "the packages... are signed and checked
> > independently"? Does this mean the repo owner checks the packages for
> > vulnerabilities and yast only checks if the contents matches with the
> > signature of the repo owner?
> >
> >
> > Which trusted sources for (source) rpm's do you recommend?
>
> The community packages are provided ... by our community.
>
> So in the end you have to decide how much you trust our judgement
> to decide on good community members.;)
>
> The repository owner is responsible for the security fixes, SUSE Security
> does that only for the official SUSE repositories.
>
> Ciao, Marcus
>
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
(verify, delete etc.) imported gnupg keys?
Thanks!
Regards,
Aniruddha
On Mon, 2007-10-08 at 14:22 +0200, Marcus Meissner wrote:
> On Mon, Oct 08, 2007 at 02:12:02PM +0200, Aniruddha wrote:
> > Hi Joe,
> >
> > Thank you for your answers!
> >
> > May I conclude that is is safe to accept gnupg keys from repositories in
> > yast2 -> Community Repositories ?
> >
> > What do you mean with "the packages... are signed and checked
> > independently"? Does this mean the repo owner checks the packages for
> > vulnerabilities and yast only checks if the contents matches with the
> > signature of the repo owner?
> >
> >
> > Which trusted sources for (source) rpm's do you recommend?
>
> The community packages are provided ... by our community.
>
> So in the end you have to decide how much you trust our judgement
> to decide on good community members.;)
>
> The repository owner is responsible for the security fixes, SUSE Security
> does that only for the official SUSE repositories.
>
> Ciao, Marcus
>
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx
| < Previous | Next > |