On Wed, Nov 11, Lars Müller wrote:
i'm glad, that my patch to generate a secure apt repository has been applied and is now working.
What we need now is the possibility for Debian/Ubuntu people to import that key into their apt keyring.
Something like
wget http://opensuse.org/buildkey.pub apt-key add - < buildkey.pub
or
http://wiki.debian.org/SecureApt#Howtofindakey
but it doesn't look like the obs keys can be found on keyservers.
AFAIK the keys of the OBS projects are not pushed to any key servers. You need to download them from the particular project you want to use.
Wouldn't it counted as flooding as soon as every new key would be published at the public keyservers?
For rpm based repositories the key is stored at <project>/<distribution>/repodatarepomd.xml.key
Ah, interesting information. So it is part of the yum repository data.
I've not checked how the layout of a Debian repository looks like.
There's no such functionality. The Debian keys seem to be delivered with the install media and the gpg keyservers. -- With best regards, Carsten Hoeger