Feature changed by: Marcus Meissner (msmeissn) Feature #324163, revision 5 Title: Embed GPG key in the .YMP files of meta-package-handler Requested by: Marcus Meissner (msmeissn) Partner organization: openSUSE.org Description: Security is currently trying to improve the security of adding additional package repositories. We are trying to add https support to download.opensuse.org and software.opensuse.org provided repository URLs. One suggestion from a openSUSE user was to add GPG keys in the Yast Metapackage YMP files. Can we embed GPG files into the YMP files and have the yast2-meta- package-handler handle it? Relations: - trackerbug (bugzilla/id: 1060955) Use Case: - We want to safely enable repositories. - software.opensuse.org has gained https support and we can now download . - YMP files over https connection. + We want to safely enable repositories supplyable by searchable + interfaces. + For instance software.opensuse.org has gained https support and we can + now download .YMP files over https connection. But the repositories listed inside are "http" as long as we have not converted the download.opensuse.org framework to be https capable. So an idea by a community user was to include the GPG information within the .YMP file, so addition of repositories and establishing trust could happen at the same time. + On clicking the YMP file, the repositories would be added and the GPG + keys supplied into the RPM keyring. -- openSUSE Feature: https://features.opensuse.org/324163