https://bugzilla.novell.com/show_bug.cgi?id=461957 User robin.listas@telefonica.net added comment https://bugzilla.novell.com/show_bug.cgi?id=461957#c2 --- Comment #2 from Carlos Robinson <robin.listas@telefonica.net> 2008-12-31 05:40:05 MST --- My suggestion is that Yast or zypper, when they ask about importing a key, should list all the information they have about a key, and suggest visiting a certain web page at openSUSE where the list of keys IDs and names is listed. If the key with certain name has a different ID to the one that zypper offers to add to the ring, then we know the key is false. That's the first step, the one this report is about. That web page can not be a wiki, or at least, not a public one. On the other hand, a module could be added to zypper/yast to handle pgp keys, but it could simply be calling one of the desktop key handlers, like seahorse, with the appropriate options. There the user could check the web of trust, import keys, etc. As it it a keyring separate from that of the user or root, it can not be handled directly. And of course, keys have to be inter-signed. When the admin finishes importing keys in the external app, he can tell zypper/yast to retry, abort, continue... Another possible feature is yast/zypper listing the "trust" level of keys associated to repos when displaying repos. It could be an entire set of new options for zypper. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.