https://bugzilla.novell.com/show_bug.cgi?id=729839 https://bugzilla.novell.com/show_bug.cgi?id=729839#c0 Summary: Java Community repository -> unknown gpg key used for signing Classification: openSUSE Product: openSUSE 12.1 Version: Final Platform: x86-64 OS/Version: SuSE Other Status: NEW Severity: Critical Priority: P5 - None Component: Other AssignedTo: bnc-team-screening@forge.provo.novell.com ReportedBy: melchiaros@aol.com QAContact: qa@suse.de Found By: --- Blocker: --- Created an attachment (id=461667) --> (http://bugzilla.novell.com/attachment.cgi?id=461667) yast2 message, warn, zypper, other User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 I´ve used yast2 to import community repositories(and with this their keys); the most repositories works fine and the import of the gpg keys works well, with the known dialog of ... do you trust that key-> yes/no The Java Community repository is an exception: The is no importing dialog. Their is only a dialdog that informed the user that the gpg key is unknown and that there is no trust relationship to the owner of the key. I attach the screenshot of the yast2 message box. To mark it: It is a fresh system, I do not have messed on the repository keys until now, so the cause for this is not on my side. Because this could be a security violation I mark this here as critical. Reproducible: Always Steps to Reproduce: 1.call yast2 2.swith to repository management 3.Add new repositories -> community repositories -> Java Community repository -> import it -> see the dialog. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.