On Thu, Nov 01, 2007 at 04:47:46PM +0100, Wolfgang Woehl wrote:
Donnerstag, 1. November 2007 Michal Marek:
Wolfgang Woehl wrote:
Dienstag, 30. Oktober 2007 Marcus Meissner:
A good trust management for keys was requested for several releases now, but has not happened so far.
Where can you even review which keys yast/zypper uses?
rpm -qi gpg-pubkey | less (these are keys imported into the rpm db, but they'll usually match those used to sign the repos).
find /var/lib/zypp/ -name '*.key' | xargs -L 1 gpg are the keys used by zypp.
Hi Michal, So, please correct me if I'm wrong, in order to link, say, the packman key I have in rpmdb to some factual trust information like packman's website I have to
1. rpm -qi gpg-pubkey > rpmdb-signing_keys.txt (I don't see how you can fingerprint these with rpm so you need to ...) 2. gpg --import rpmdb-signing_keys.txt 3. gpg --fingerprint
in the console?
There is no way in yast to do this. Which leaves the majority of people with the non-choice of accepting a key they cannot check in order to install a package.
Why do I have the feeling that I must be missing something here? That this just cannot be?
The feature of implementing a Trust / Key Management module in YAST is mandatory from the Security Teams PoV for openSUSE 11.0. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org