On Thu, May 10, 2012 at 10:58:21PM +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-05-10 21:31, Josef Wolf wrote:
How do you trust the security of the kernel update? It's the same!
It is not the same issue. The kernel updates, when they start coming, have the same key as in the DVD. When the key changes, there is no way to trust the new key. The current key is not valid, and you have to import the new key blindly. To install the package with the new updated key, you have to trust the key first.
You did not understand. The package packman-keys would _not_ be in the packman repository. It would be in a core repository supplied by suse (I wrote that earlier in this thread). Whom do you trust if you load the keys from an arbitrary website, as suggested by the ticket you mentioned earlier in the thread? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org