Mailinglist Archive: opensuse (769 mails)

< Previous Next >
Re: [opensuse] Reliable source for extra and home repository keys?
Olav Reinert wrote:
On Die, 2016-05-17 at 10:53 +0200, Marcus Meissner wrote:
On Tue, May 17, 2016 at 10:39:48AM +0200, Bjoern Voigt wrote:
Is there a reliable source for verifying the PGP keys for extra and
home
repositories of the openSUSE build service?

Not all keys can be found in the public key servers (like
https://sks-keyservers.net/i/). Where else can I find them all?
You could download them from the OBS api directly over https.

e.g. like:

osc signkey home:msmeissn > msmeissn.asc
This is interesting.
When I retrieve the key for my own home project and import into GPG I
get:

$ gpg --import home\:oreinert.asc
gpg: key F8D5B628: public key "home:oreinert OBS Project <home:
oreinert@xxxxxxxxxxxxxxxxxx>" imported
gpg: Total number processed: 1
gpg: imported: 1 (RSA: 1)
gpg: no ultimately trusted keys found

So, the next question becomes:
What is the ultimate trusted key, and how do I get it?
I think, the next action you should do is:

$ gpg --edit-key "home:oreinert@xxxxxxxxxxxxxxxxxx"

With command "sign" you can sign the key with your default key. With
command "trust" you can set the trust (e.g. ultimate, if you are sure,
that the key can be trusted completely) for the key.

If you haven't a default key, you can create a key-pair or you can
import your key-pair from another keyring.

Greetings,
Björn

--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >