On Fri, May 05, 2006 at 11:58:32AM +0200, Carlos E. R. wrote:
The Friday 2006-05-05 at 05:22 +0200, houghi wrote:
OK. Some feedback. I have looked and looked at the logfiles. It seems that YaST has some internal file installkey.gpg. From the logfile:
Could it have been created from the "gpg-pubkey-*.asc" files?
I don't believe so, because my own key is available there: houghi@penne : ls 2/gpg-pubkey-*.asc 2/gpg-pubkey-0dfb3188-41ed929b.asc 2/gpg-pubkey-3d25d3d9-36e12d04.asc 2/gpg-pubkey-1d061a62-427a396f.asc 2/gpg-pubkey-70660424.asc 2/gpg-pubkey-307e3d54-44201d5d.asc 2/gpg-pubkey-9c800aca-40d8063e.asc
From the logfile: [wfm] Packages.ycp:551 Pkg Builtin called: ImportGPGKey [wfm] Keyring.cc(ImportGPGKey):50 importing trusted key: /installkey.gpg <snip>
<snip>
5 keys... there are exactly 5 ascii key files also.
There are 6 *.asc keys.
So one of two things must be changed. 1) A warning that tells you that the packages are not verified
It will not work, IMO, because remember that I installed telling it to ignore the key, and then after I got the pesky message about the signature every time I run YOU.
Then that behavious must also be changed, having an option to ignore it each and every time. Perhaps a warning that says: Hey This is not signed by X. It is signed by Y. Do you trust that? The difference that MIGHT be is that the SUSE keys are "gpg-pubkey-*-*.asc" and mine is "gpg-pubkey-*.asc" houghi -- Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk und Arbeit, und das Sein wichtiger als das Tun - Johannes Müller-Elmau