Mailinglist Archive: opensuse (769 mails)

< Previous Next >
Re: [opensuse] Reliable source for extra and home repository keys?
On Tue, May 17, 2016 at 11:13:16AM +0200, Bjoern Voigt wrote:
Marcus Meissner wrote:
On Tue, May 17, 2016 at 10:39:48AM +0200, Bjoern Voigt wrote:
Is there a reliable source for verifying the PGP keys for extra and home
repositories of the openSUSE build service?

Not all keys can be found in the public key servers (like Where else can I find them all?
You could download them from the OBS api directly over https.

e.g. like:

osc signkey home:msmeissn > msmeissn.asc
Thanks. This is a very good solution. This hint should be documented
more popular in the openSUSE end-user documentation (e.g. directly here: Currently it can be found, but only in
openSUSE build service docs.

I found, that nobody signed the example home-key I used for testing. Is
each developer responsible for distributing his key (e.g. on a
keyserver) and that his contacts sign his key?

Basically yes, we are not doing the gpg tree of trust in the OBS.

Ciao, Marcus
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >