On Tue, Apr 04, 2006 at 10:47:46AM +0200, houghi wrote:
On Tue, Apr 04, 2006 at 08:58:12AM +0200, Andreas Jaeger wrote:
"Michael DePaulo" <msd19@case.edu> writes:
Hey all,
First of all, it looks like the non-OSS software repository for opensuse beta9 isn't setup right.
ftp://ftp.suse.com/pub/suse/install/10.1/SUSE-Linux10.1-Beta9-Extra/
It looks more like a bug in YaST, please create a bugreprot against YaST with log files attached,
Could this be related to the checking with the content.key? If yes, how is the content.key calculated? On what is it based? (Perhaps people killfiled the makeSUSEdvd thread, so I ask here again)
Could we get any info on this security thing, or is is security through obscurity?
This security thing is very new thats why not much of it is documented yet. - The content.key is a GPG public key, ascii armor protected. - With this key, the content file is signed. The content file contains references to the metadata of CD, including more keys. - YUM repodata also must be signed with one of those public keys to be accepted. In the next beta/rc there will be key dialogs shown that allow accepting, importing keys and similar. Ciao, Marcus