Hi, I still have a factory box sitting around -- because it is such fun. After a "zypper update -t package" sysinfo:/ has it as "openSUSE 10.3.1 (i586) Alpha0". I just did "zypper install htop" and got this: Aktualisiere '10.3 - Update Repository' Möchten Sie diesem Schlüssel A84EDAE89C800ACA, SuSE Package Signing Key <build@suse.de>, Fingerabdruck 79C179B2E1C820C1890F9994A84EDAE89C800ACA vertrauen? [ja/nein] Which is german for "Would you like to trust this key?" and then Schlüssel A84EDAE89C800ACA zu den vertrauenswürdigen Schlüsseln hinzufügen? [ja/nein] Which means "Add key to trusted keys?" Same thing with the repositories 'FACTORY - Mozilla' and 'FACTORY - KDE:Community'. So the chain of trust here is built by a script just asking? What was the security in this again? Would someone care to enrich this a tad for the upcoming 11.0? Like a note on how and where to check a new key? Irritated, but hey: "No risk no fun" is what all dead rockstars said. Wolfgang --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org