http://bugzilla.novell.com/show_bug.cgi?id=625384

http://bugzilla.novell.com/show_bug.cgi?id=625384#c0

Summary: Can't use osc securely
Classification: openSUSE
Product: openSUSE 11.3
Version: Final
Platform: Other
OS/Version: Other
Status: NEW
Severity: Major
Priority: P5 - None
Component: Development
AssignedTo: pth@novell.com
ReportedBy: lkundrak@v3.sk
QAContact: qa@suse.de
Found By: ---
Blocker: ---

Created an attachment (id=378221)
--> (http://bugzilla.novell.com/attachment.cgi?id=378221)
deep recursion

User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.4) Gecko/20100622 Fedora/3.6.4-2.fc14 Firefox/3.6.4

I booted an openSUSE 11.3 live GNOME media and ran "zypper in osc". I've encountered two problems, but they are possibly related, thus opening a single bug report.

1.) Upon first run the certificate was untrusted:

lkundrak@linux:~> osc ls
*** certificate verify failed at depth 0
Subject: /serialNumber=Z5rnYBfW36qc6oVoHaO0ceAbfvr3w6Oa/C=US/ST=Utah/L=Provo/O=Novell, Inc./CN=*.opensuse.org
Issuer: /C=US/O=Equifax/OU=Equifax Secure Certificate Authority
..

This is possibly a rather serious security problem -- the public certificate of the authority that signed the certificate should be trusted by default. Or, at the very least, a secure way to verify the fingerprint of the certificate should be provided (I am not aware of any).

2.) osc does not work at all, deep recursion somewhere in crypto code. I am attaching the traceback as an attachment, since it's from infinite recursion and thus is quite long :)

Reproducible: Always

Steps to Reproduce:
1.
2.
3.

lkundrak@kutanoid-wlan:~> rpm -q osc
osc-0.128-17.1.noarch

tried with 0.127 as well.