On Thu, Dec 27, 2007 at 01:05:58AM +0100, nordi wrote:

Hi!

Today I wanted to add some community repositories as installation sources, more specifically stuff from the OpenSuse Build Service. Yast complained about an untrusted key, since the public key of the build service is not included in the distribution (not to be confused with the build key, which is included).

Of course I could just press the "OK" button, or download the key from [1], import it and never be bothered again. But that key has no signatures and is transmitted via http, so I still do not know if I have the right key. Is there any way of securely retrieving the authentic public key of the build service without traveling to Nuremberg? How is the average user supposed to do that?

Actually we should perhaps just sign it with a known key. Also, we will switch to per-project GPG keys in the future. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-buildservice+help@opensuse.org