-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2012-05-11 12:11, Josef Wolf wrote:
How comes you install opensuse if you don't trust suse?
I trust SUSE. But we do not have a reliable path to import the keys. Zypper/Yast simply ask us to allow importing such a key, and there is no way to learn if the key offered comes really from the source it says it comes. A rogue mirror can change the key anytime, and users will simply accept it! That is the current situation. Just because developers/packagers refuse to publish their keys in a reliable manner. This is unacceptable. One day will have a disaster like the one that hit the kernel chaps. - -- Cheers / Saludos, Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAk+s87IACgkQIvFNjefEBxrnBwCfatn9GKhfeMXTHpWLfb2P9l9S K0EAn3AnFQIcZ6TZERyfG+0nU8OMM8wA =RGMN -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org