31 Oct
2012
31 Oct
'12
8:37 a.m.
Hi,
Could someone please setup a wiki page (in case there isn't one yet),
so we can add a link to software.o.o? That would be cool.
Greetings, Stephan
-------- Original Message --------
Subject: verify download
Date: Wed, 31 Oct 2012 08:01:20 -0400
From: Tom Horsley <X(a)gmail.com>
To: admin(a)opensuse.org
On the web page http://software.opensuse.org/122/en there is a
section on verifying the download. I just spent an hour trying to
discover how the hell to actually use the dadgum .asc file,
how to download the signing key with --recv-key, etc.
Do you think you could link to some more detailed instructions
there somewhere (cause I'm not gonna remember any of this
by the time I want to verify the next release).
Thanks.
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
31 Oct
31 Oct
1:18 p.m.
On Wed, 2012-10-31 at 13:37 +0100, Stephan Kulow wrote:
Hi,
Could someone please setup a wiki page (in case there isn't one yet),
so we can add a link to software.o.o? That would be cool.
Greetings, Stephan
-------- Original Message --------
Subject: verify download
Date: Wed, 31 Oct 2012 08:01:20 -0400
From: Tom Horsley <X(a)gmail.com>
To: admin(a)opensuse.org
On the web page http://software.opensuse.org/122/en there is a
section on verifying the download. I just spent an hour trying to
discover how the hell to actually use the dadgum .asc file,
how to download the signing key with --recv-key, etc.
Do you think you could link to some more detailed instructions
there somewhere (cause I'm not gonna remember any of this
by the time I want to verify the next release).
Thanks.
There is something at http://en.opensuse.org/SDB:Download_help#Checksums
but that lacks the .asc method and needs some improvements, I'll look
into it.
--
Marcel Kühlhorn
freenode: tux93
Have a lot of fun!
3:45 p.m.
On Wed, 2012-10-31 at 18:18 +0100, Marcel Kühlhorn wrote:
On Wed, 2012-10-31 at 13:37 +0100, Stephan Kulow
wrote:
Done, now someone with the permissions needs to review and accept the
changes.
--
Marcel Kühlhorn
freenode: tux93
Have a lot of fun!
Hi,
Could someone please setup a wiki page (in case there isn't one yet),
so we can add a link to software.o.o? That would be cool.
Greetings, Stephan
-------- Original Message --------
Subject: verify download
Date: Wed, 31 Oct 2012 08:01:20 -0400
From: Tom Horsley <X(a)gmail.com>
To: admin(a)opensuse.org
On the web page http://software.opensuse.org/122/en there is a
section on verifying the download. I just spent an hour trying to
discover how the hell to actually use the dadgum .asc file,
how to download the signing key with --recv-key, etc.
Do you think you could link to some more detailed instructions
there somewhere (cause I'm not gonna remember any of this
by the time I want to verify the next release).
Thanks.
There is something at http://en.opensuse.org/SDB:Download_help#Checksums
but that lacks the .asc method and needs some improvements, I'll look
into it.
1 Nov
1 Nov
6:31 a.m.
Op woensdag 31 oktober 2012 20:45:30 schreef Marcel Kühlhorn:
On Wed, 2012-10-31 at 18:18 +0100, Marcel Kühlhorn
wrote:
I tried the gpg stuff and as such the commands do work.
To verify the fingerprint the command
gpg --fingerprint "openSUSE Project Signing Key <opensuse(a)opensuse.org>"
should be added.
I also tried gpg -a "openSUSE-12.2-DVD-x86_64.iso.asc" and the result is:
gpg: Signature made Thu Aug 30 12:02:40 2012 CEST using RSA key ID 3DBDC284
gpg: Good signature from "openSUSE Project Signing Key
<opensuse(a)opensuse.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
Something should be added about the warning.
--
fr.gr.
Freek de Kruijf
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Wed, 2012-10-31 at 13:37 +0100, Stephan Kulow
wrote:
Done, now someone with the permissions needs to review and accept the
changes. Hi,
Could someone please setup a wiki page (in case there isn't one yet),
so we can add a link to software.o.o? That would be cool.
Greetings, Stephan
-------- Original Message --------
Subject: verify download
Date: Wed, 31 Oct 2012 08:01:20 -0400
From: Tom Horsley <X(a)gmail.com>
To: admin(a)opensuse.org
On the web page http://software.opensuse.org/122/en there is a
section on verifying the download. I just spent an hour trying to
discover how the hell to actually use the dadgum .asc file,
how to download the signing key with --recv-key, etc.
Do you think you could link to some more detailed instructions
there somewhere (cause I'm not gonna remember any of this
by the time I want to verify the next release).
Thanks.
There is something at http://en.opensuse.org/SDB:Download_help#Checksums
but that lacks the .asc method and needs some improvements, I'll look
into it. 
7:08 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2012-11-01 11:31, Freek de Kruijf wrote:
I also tried gpg -a
"openSUSE-12.2-DVD-x86_64.iso.asc" and the
result is:
gpg: Signature made Thu Aug 30 12:02:40 2012 CEST using RSA key ID
3DBDC284
gpg: Good signature from "openSUSE Project Signing Key
<opensuse(a)opensuse.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to
the owner. Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA
B88B 2FD4 3DBD C284
Something should be added about the warning.
The warning is correct, and will be there until _you_ sign the key.
- --
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 "Celadon" (Minas Tirith))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iF4EAREIAAYFAlCSWEkACgkQja8UbcUWM1wGxAD9FZs5HvVHSse4yOvbL/C947o4
w6KWd0bGzXNxnV5aWHABAJaOI8umkUIttJVk7p0wuloRuVexzfkt/KQttWc0cFeb
=0AHp
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
7:22 a.m.
Op donderdag 1 november 2012 12:08:57 schreef Carlos E. R.:
On 2012-11-01 11:31, Freek de Kruijf wrote:
I know, but a innocent user might get confused, so something like
You get a warning "This key is not certified with a trusted signature!"
However when the fingerprint mentioned below the warning is equal to the one
below this text, you can trust the .iso file.
Unfortunately I can't login in the wiki, so I can't make this change.
--
fr.gr.
Freek de Kruijf
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
I also tried gpg -a
"openSUSE-12.2-DVD-x86_64.iso.asc" and the
result is:
gpg: Signature made Thu Aug 30 12:02:40 2012 CEST using RSA key ID
3DBDC284
gpg: Good signature from "openSUSE Project Signing Key
<opensuse(a)opensuse.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to
the owner. Primary key fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA
B88B 2FD4 3DBD C284
Something should be added about the warning.
The warning is correct, and will be there until _you_ sign the key.
7:28 a.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2012-11-01 12:22, Freek de Kruijf wrote:
True. We had a longish discussion in the forums precisely because of this.
Op donderdag 1 november 2012 12:08:57 schreef Carlos
E. R.:
The warning is
correct, and will be there until _you_ sign the
key.
I know, but a innocent user might get confused, so something like You get a warning "This key is not certified with
a trusted
signature!" However when the fingerprint mentioned below the
warning is equal to the one below this text, you can trust the .iso
file.
You have to also mention to read gpg documentation on the web of trust
for more info about the message.
Unfortunately I can't login in the wiki, so I
can't make this
change.
I probably can, but I'm away and thus with a 500 MB/month cap, so I
can't risk it. Minimal web browsing. :-(
- --
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 "Celadon" (Minas Tirith))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iF4EAREIAAYFAlCSXMIACgkQja8UbcUWM1zCYwD/UY50qPKv5NqTFfR02UsA8Yh2
zHA3p62yPZkLxLWNs9YA/0ZzJ2XAAFmHn4HVSWFCUzwFnM1UhP4uiBMQFqF43CdX
=iKT0
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
6 Nov
6 Nov
3:59 p.m.
On Thursday 01 November 2012 12:28:02 Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2012-11-01 12:22, Freek de Kruijf wrote:
I tried to make the change but please check it. I have no clue what I'm
doing - just copying what you guys wrote in the mails:
http://en.opensuse.org/SDB:Download_help#Using_Linux
/Jos
Op donderdag 1 november 2012 12:08:57 schreef
Carlos E. R.:
True. We had a longish discussion in the forums precisely because of this.
The warning is correct, and will be there until
_you_ sign the
key.
I know, but a innocent user might get confused, so something like You get a warning "This key is not certified
with a trusted
signature!" However when the fingerprint mentioned below the
warning is equal to the one below this text, you can trust the .iso
file.
You have to also mention to read gpg documentation on the web of trust
for more info about the message.
Unfortunately I can't login in the wiki, so I
can't make this
change.
I probably can, but I'm away and thus with a 500 MB/month cap, so I
can't risk it. Minimal web browsing. :-( - --
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 "Celadon" (Minas Tirith))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iF4EAREIAAYFAlCSXMIACgkQja8UbcUWM1zCYwD/UY50qPKv5NqTFfR02UsA8Yh2
zHA3p62yPZkLxLWNs9YA/0ZzJ2XAAFmHn4HVSWFCUzwFnM1UhP4uiBMQFqF43CdX
=iKT0
-----END PGP SIGNATURE-----
4:06 p.m.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
On 2012-11-06 21:59, Jos Poortvliet wrote:
On Thursday 01 November 2012 12:28:02 Carlos E. R.
wrote: On
2012-11-01 12:22, Freek de Kruijf wrote:
I tried to make the change but please check it. I have
no clue what
I'm doing - just copying what you guys wrote in the mails:
http://en.opensuse.org/SDB:Download_help#Using_Linux
Fine, looks very good to me, thanks :-)
- --
Cheers / Saludos,
Carlos E. R.
(from 11.4 x86_64 "Celadon" (Minas Tirith))
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/
iF4EAREIAAYFAlCZe9oACgkQja8UbcUWM1ypVwD/dTrBeDxbVtltK8RFuGua2CPn
NQnOyoHEFnOrypngG3AA/iUfvP/g3BfN/CdSkPIs5aPL7xLkZERvWPv2oVtQX580
=KC8R
-----END PGP SIGNATURE-----
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
5:43 p.m.
Op dinsdag 6 november 2012 22:06:34 schreef Carlos E. R.:
On 2012-11-06 21:59, Jos Poortvliet wrote:
+1
--
fr.gr.
Freek de Kruijf
--
To unsubscribe, e-mail: opensuse-project+unsubscribe(a)opensuse.org
To contact the owner, email: opensuse-project+owner(a)opensuse.org
On Thursday 01 November 2012 12:28:02 Carlos E.
R. wrote: On
2012-11-01 12:22, Freek de Kruijf wrote:
I tried to make the change but please check it. I have no clue what
I'm doing - just copying what you guys wrote in the mails:
http://en.opensuse.org/SDB:Download_help#Using_Linux
Fine, looks very good to me, thanks :-)
3003
days inactive
3009
days old
9 comments
5 participants
participants (5)
-
Carlos E. R. -
Freek de Kruijf -
Jos Poortvliet -
Marcel Kühlhorn -
Stephan Kulow