http://bugzilla.novell.com/show_bug.cgi?id=596037 http://bugzilla.novell.com/show_bug.cgi?id=596037#c0 Summary: Issue warning if repo is signed with an expired key Classification: openSUSE Product: openSUSE 11.3 Version: Milestone 4 Platform: Other OS/Version: Other Status: NEW Severity: Enhancement Priority: P5 - None Component: libzypp AssignedTo: zypp-maintainers@forge.provo.novell.com ReportedBy: ma@novell.com QAContact: qa@suse.de Found By: Community User Blocker: --- ---[opensuse] zypper: really no check for expiration of gpg keys?--- Meta data in OBS repo-md repositories (i.e., repomd. is usually signed with gpg. It seems that zypper does not check expiration of used gpg keys. (zypper 1.0.13 on openSUSE 11.1, in case that matters.) As an example: http://download.opensuse.org/repositories/Apache:/MirrorBrain/Apache_openSUS... has a key that expired at April 1, 2010; i.e., 12 days ago. (The key has ID 0xBD6D129A and fingerprint EDDD C98D 96A0 F889 9AB0 7C78 9584 A164 BD6D 129A.) I would have expected a warning or an error when this repository is refreshed, but nothing as such happens. --- -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.