On Thursday 06 September 2007 08:44:16 wrote Dirk Stoecker:
On Thu, 6 Sep 2007, Adrian Schröter wrote:
* People who currently use repositories from OBS will need to import the new gpg key(s). Otherwise the package managers will report errors.
Is signing with two keys possible? If so use a new buildservice key and still sign all packages with the old one (at least for older distributions). Add multi-key handling for openSUSE 10.3 and start using it there.
We discussed this as well. It is technical possible but showed more problems. The biggest one is that people just can remove one of the keys on their mirror, so YaST would only check only one. If this is only the generic OBS key, it is not enough anymore, but YaST (and any other package manager afaik) can not decide between trusted and less trusted keys.
From my point of view it was very complicated to add a key for Suse 10.1 (searching key, getting key, calling rpm with a commandline). 10.2 did it automatically after a button press if I remember.
Yes, so this is a problem, what will disappear over the time ;)
I myself still have some machines running 10.1 (gladly no longer 9.x, as Strato allowed updates of the virtual servers :-) and don't want to do this all again for all the projects I use.
So my concern is that you may introduce lots of new work. The OBS key is outdated in May 2008 if I'm right. When you have proper keyhandling in openSUSE 10.3 and 10.2 all is fine and you may introduce new handling there, but leave the old key until it ends for the older distributions. Is this possible?
that is not that easy, since we design the new mechanism to have one (or more) key(s) per project. So all created repositories would have the same keys ... So I am a bit unsure what to do here, I would like to avoid to spend too much work into something what has too much future and will be obsolete not that far away. (openSUSE 10.0 is about to run out of maintainance already and 10.1 is next ...)
P.S. yast needs a RPM keyhandling module, where I can list, disable, enable, ... the keys when you introduce such a mass of keys.
Yes, that would be good ... I create an official request in our internal system for that ... bye adrian -- Adrian Schroeter SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) email: adrian@suse.de --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org