Bug ID | 1184808 |
---|---|
Summary | AUDIT-0: Shipping keys via repos |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.3 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Major |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | jsegitz@suse.com |
QA Contact | qa-bugs@suse.de |
CC | d_werner@gmx.net, guillaume.gardet@arm.com, lubos.kocman@suse.com, mlin@suse.com, ro@suse.de |
Depends on | 1184326 |
Found By | --- |
Blocker | --- |
+++ This bug was initially created as a clone of Bug #1184326 +++ Details are in the original bug. copy paste from Michael: I'd be happy if we now catch the momentum and get a solution for this quite common issue (a repo that want's to ship additional keys). It would IMO be a good step forward especially for 3rd parties, if they are enabled to ship their keys in way zypp recognizes them when the repo is added. This is an issue for Leap 15.3 because of the SLES key, but they want a more general mechanism. As this is a very sensitive topic we should review this first