[opensuse-factory] Fac-non oss: no valid metadata found...
Hi, The sources are stubborn this morning.. ftp://ftp.gwdg.de/pub/opensuse/factory/repo/non-oss signature verification failed for content -- Enjoy your time around, Oddball (M9.) (Now or never...) OS: Linux 2.6.27.4-2-default x86_64 Huidige gebruiker: oddball@AMD64x2-sfn1 Systeem: openSUSE 11.1 Beta 4 (x86_64) KDE: 4.1.2 (KDE 4.1.2) "release 2.6" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Montag 10 November 2008 schrieb Oddball:
Hi,
The sources are stubborn this morning..
ftp://ftp.gwdg.de/pub/opensuse/factory/repo/non-oss signature verification failed for content
Yeah, we changed our signing key and this caused some problems. I hope this is easy and quick to fix. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2008-11-10 at 09:44 +0100, Stephan Kulow wrote:
The sources are stubborn this morning..
ftp://ftp.gwdg.de/pub/opensuse/factory/repo/non-oss signature verification failed for content
Yeah, we changed our signing key and this caused some problems. I hope this is easy and quick to fix.
No, it is not easy unless you tell us. If key sign suddenly doesn't match, the correct procedure is not to install because you have been compromised. :-/ - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkYK94ACgkQtTMYHG2NR9WFOACfeKJpirLQbqgXzu+/dEWRIfem NaAAnAsFQ3mdWI8nvQNQIn4w4oiW0Erc =PqRG -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Carlos E. R. schreef:
On Monday, 2008-11-10 at 09:44 +0100, Stephan Kulow wrote:
The sources are stubborn this morning..
ftp://ftp.gwdg.de/pub/opensuse/factory/repo/non-oss signature verification failed for content
Yeah, we changed our signing key and this caused some problems. I hope this is easy and quick to fix.
No, it is not easy unless you tell us. If key sign suddenly doesn't match, the correct procedure is not to install because you have been compromised.
:-/
-- Cheers, Carlos E. R.
If zypper has the clearance to accept the new key, it will not ask again l8er.. so i noticed... -- Enjoy your time around, Oddball (M9.) (Now or never...) OS: Linux 2.6.27.4-2-default x86_64 Huidige gebruiker: oddball@AMD64x2-sfn1 Systeem: openSUSE 11.1 Beta 4 (x86_64) KDE: 4.1.2 (KDE 4.1.2) "release 2.6" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Monday, 2008-11-10 at 13:50 +0100, Oddball wrote:
If zypper has the clearance to accept the new key, it will not ask again l8er.. so i noticed...
And how do you know that the key is the right one? Keys are used for security, to verify that a) the contents have not being modified and b) that the contents come from the right people, not from an impostor. If you accept keys with no verification, you could as well no use keys at all. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkYMwMACgkQtTMYHG2NR9UjdQCfcAL2Sn2qUvHP1PzDsrbHRyUZ jyQAoIurkT9j3JN8hFK2u78iSEQKmcLA =kOjx -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Carlos E. R. schreef:
On Monday, 2008-11-10 at 13:50 +0100, Oddball wrote:
If zypper has the clearance to accept the new key, it will not ask again l8er.. so i noticed...
And how do you know that the key is the right one?
Keys are used for security, to verify that a) the contents have not being modified and b) that the contents come from the right people, not from an impostor.
If you accept keys with no verification, you could as well no use keys at all.
-- Cheers, Carlos E. R.
I am perfectly aware of that ;) This time only because coolo told us he'd replaced the key.. On the other hand, who would mess with opensuse's factory? To know the urls itself would mean a commitment to the distro's creators.. But i know, i am too positive again..:)) -- Enjoy your time around, Oddball (M9.) (Now or never...) OS: Linux 2.6.27.4-2-default x86_64 Huidige gebruiker: oddball@AMD64x2-sfn1 Systeem: openSUSE 11.1 Beta 4 (x86_64) KDE: 4.1.2 (KDE 4.1.2) "release 2.6" -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
On Mon, 10 Nov 2008, Stephan Kulow wrote:
ftp://ftp.gwdg.de/pub/opensuse/factory/repo/non-oss signature verification failed for content Yeah, we changed our signing key and this caused some problems. I hope this is easy and quick to fix.
I'm afraid I missed an announcement where the new key was proactively announced including it's fingerprint. If this is supposed to be the new standard key, when/how is this going to be published? Or will we revert to the original key? What is the "easy and quick fix" supposed to be? Me trusting the new key (without anyone confirming it's fingerprint), or something on the server side? Gerald -- Dr. Gerald Pfeifer E gp@novell.com SUSE Linux Products GmbH Director Inbound Product Mgmt T +49(911)74053-0 HRB 16746 (AG Nuremberg) openSUSE/SUSE Linux Enterprise F +49(911)74053-483 GF: Markus Rex -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Am Mittwoch 12 November 2008 schrieb Gerald Pfeifer:
On Mon, 10 Nov 2008, Stephan Kulow wrote:
ftp://ftp.gwdg.de/pub/opensuse/factory/repo/non-oss signature verification failed for content
Yeah, we changed our signing key and this caused some problems. I hope this is easy and quick to fix.
I'm afraid I missed an announcement where the new key was proactively announced including it's fingerprint.
If this is supposed to be the new standard key, when/how is this going to be published?
Or will we revert to the original key? What is the "easy and quick fix" supposed to be? Me trusting the new key (without anyone confirming it's fingerprint), or something on the server side?
If you install our products, you will get the new key. Greetings, Stephan -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
Le mercredi 12 novembre 2008, à 10:45 +0100, Stephan Kulow a écrit :
Am Mittwoch 12 November 2008 schrieb Gerald Pfeifer:
On Mon, 10 Nov 2008, Stephan Kulow wrote:
ftp://ftp.gwdg.de/pub/opensuse/factory/repo/non-oss signature verification failed for content
Yeah, we changed our signing key and this caused some problems. I hope this is easy and quick to fix.
I'm afraid I missed an announcement where the new key was proactively announced including it's fingerprint.
If this is supposed to be the new standard key, when/how is this going to be published?
Or will we revert to the original key? What is the "easy and quick fix" supposed to be? Me trusting the new key (without anyone confirming it's fingerprint), or something on the server side?
If you install our products, you will get the new key.
I think the issue is raised for people who don't install but just upgrade with zypper. How should those people handle the new key? Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wednesday, 2008-11-12 at 10:45 +0100, Stephan Kulow wrote:
Yeah, we changed our signing key and this caused some problems. I hope this is easy and quick to fix.
I'm afraid I missed an announcement where the new key was proactively announced including it's fingerprint.
If this is supposed to be the new standard key, when/how is this going to be published?
Or will we revert to the original key? What is the "easy and quick fix" supposed to be? Me trusting the new key (without anyone confirming it's fingerprint), or something on the server side?
If you install our products, you will get the new key.
I do install your products, and I did not get the new key. Ie, this is factory... the key change affects factory. You should have informed us. - -- Cheers, Carlos E. R. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.9 (GNU/Linux) iEYEARECAAYFAkkcwDkACgkQtTMYHG2NR9Vx/wCeOMcpG/ix+4tXd4B3ocolqOkX L88AnR7Fu5GOtlQhwpScr4SGYi7k9PFp =/2LP -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-factory+help@opensuse.org
participants (5)
-
Carlos E. R.
-
Gerald Pfeifer
-
Oddball
-
Stephan Kulow
-
Vincent Untz