-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Monday 2008-05-05 at 08:53 +0200, Stefan Dirsch wrote:
Where does one find the 0x63e11d16 public key? It's your first time with build service repos?
The key is here: http://download.opensuse.org/repositories/home:/coolo/openSUSE_10.3/repodata...
I suggest to submit the key to pgp.mit.edu, since it's not a trivial task at all to figure out where to find the key. See also Bug #375087.
Having the key stored in the same place as the file it protects is useless, IMO. If some attacker manages to subvert the protected file and signs it with another key, the attacker will have no problem at all to also change the public key to the new one, and the downloaded file will check as correct, when it has been perverted. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4-svn0 (GNU/Linux) iD8DBQFIHt2qtTMYHG2NR9URAguOAJwIzkiOzXx1p69c7jk0+fwZjoMQeQCfT7tM sDLxprO3nA7o7gSxxrk5CJg= =JuoL -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org