Mailinglist Archive: opensuse (1125 mails)
| < Previous | Next > |
Re: [opensuse] Repo key validation [Was: Missing packages in opensuse-12.1]
- From: Josef Wolf <jw@xxxxxxxxxxxxx>
- Date: Mon, 14 May 2012 12:33:48 +0200
- Message-id: <20120514103348.GO14551@raven.wolf.lan>
On Sun, May 13, 2012 at 04:04:40PM +0200, Carlos E. R. wrote:
Ah! You are talking about expiration of the key for the _update_ repo. Thanks
for clarifying! Well, that's the same problem as with every other (security)
updates. Once those keys are expired, there's no way to get _any_ updates in a
trusted manner.
I don't see any new security issue introduced by having the keys for
third-party repos in the core repository.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
And I say that if it is the update repo key which is expired, I can not
update it in a trusted manner.
Ah! You are talking about expiration of the key for the _update_ repo. Thanks
for clarifying! Well, that's the same problem as with every other (security)
updates. Once those keys are expired, there's no way to get _any_ updates in a
trusted manner.
I don't see any new security issue introduced by having the keys for
third-party repos in the core repository.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx
| < Previous | Next > |