[opensuse-security] What's the matter with the OBS PGP keys?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 They are all obsolete. Just a sample: pub 1024D/BD6D129A 2008-01-22 [expired: 2010-04-01] uid Apache OBS Project <Apache@build.opensuse.org> pub 1024D/6B9D6523 2006-05-24 [expired: 2008-05-23] uid openSUSE Build Service <buildservice@opensuse.org> pub 1024D/9C800ACA 2000-10-19 [expired: 2010-05-05] uid SuSE Package Signing Key <build@suse.de> Worse, it is useless to try update from the key server network. And yes, there is a bugzilla. No reply in several days. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxXddwACgkQU92UU+smfQVrcwCgjA4/qnXMn0fpuWeJqX71MKHS kZIAnjOKsQCt9DSd0q+gS6cmfjy0HiEs =+6F2 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Aug 03, 2010 at 03:50:20AM +0200, Carlos E. R. wrote:
They are all obsolete.
Just a sample:
pub 1024D/BD6D129A 2008-01-22 [expired: 2010-04-01] uid Apache OBS Project <Apache@build.opensuse.org>
Needs to be extended by Apache project owner.
pub 1024D/6B9D6523 2006-05-24 [expired: 2008-05-23] uid openSUSE Build Service <buildservice@opensuse.org>
Not really sure if this one is used anymore. Did you see it used by any repo? We use RSA keys in current setups to have the longer checksums.
pub 1024D/9C800ACA 2000-10-19 [expired: 2010-05-05] uid SuSE Package Signing Key <build@suse.de>
Was pushed out via suse-build-key/openSUSE-build-key updates, but not to the keyservers ... I did that now for all the ones.
Worse, it is useless to try update from the key server network.
And yes, there is a bugzilla. No reply in several days.
If you reference a Bugzilla entry in a mail, please always state the bugzilla number, so no one has to ask for it. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-08-03 09:39, Marcus Meissner wrote:
On Tue, Aug 03, 2010 at 03:50:20AM +0200, Carlos E. R. wrote:
They are all obsolete.
Just a sample:
pub 1024D/BD6D129A 2008-01-22 [expired: 2010-04-01] uid Apache OBS Project <Apache@build.opensuse.org>
Needs to be extended by Apache project owner.
That was just a sample, I have been told that all repos are affected. And, AFAIK, there is no way to contact OBS maintainers.
pub 1024D/6B9D6523 2006-05-24 [expired: 2008-05-23] uid openSUSE Build Service <buildservice@opensuse.org>
Not really sure if this one is used anymore. Did you see it used by any repo? We use RSA keys in current setups to have the longer checksums.
I don't know, but it appeared in my key ring after importing keys from two repos. I was just testing to replicate what another person had said in the forum. So I think that yes, it is in use, but I don't remember where from. Ah, yes, it is in the download history of firefox: http://download.opensuse.org/repositories/GNOME:/STABLE:/2.30/openSUSE_11.3/... As I said, that just a sample, random, test. The claim is that all 11.3 repos are affected - which of course means all the repos the original reporter in the opensuse.org.help.applications forum tried to add.
pub 1024D/9C800ACA 2000-10-19 [expired: 2010-05-05] uid SuSE Package Signing Key <build@suse.de>
Was pushed out via suse-build-key/openSUSE-build-key updates, but not to the keyservers ... I did that now for all the ones.
Unfortunately, unless you did that very recently, not all keyservers have it. As I commented to Stephan a minute ago, wwwkeys.eu.pgp.net has it, but pgp.mit.edu and keyserver.pgp.com doesn't.
And yes, there is a bugzilla. No reply in several days.
If you reference a Bugzilla entry in a mail, please always state the bugzilla number, so no one has to ask for it.
That was a note so that nobody asked me to write a bugzilla >:-) Ok, it is "626876". - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxX3Q0ACgkQU92UU+smfQUf6ACgjCRuhvOhq6ftfhnIitKJDauh +CYAn32TodmtUS4qqBGbA3XRuqfDt7aG =BLpU -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On 2010-08-03 11:10:37 +0200, Carlos E. R. wrote:
On 2010-08-03 09:39, Marcus Meissner wrote:
On Tue, Aug 03, 2010 at 03:50:20AM +0200, Carlos E. R. wrote:
They are all obsolete.
Just a sample:
pub 1024D/BD6D129A 2008-01-22 [expired: 2010-04-01] uid Apache OBS Project <Apache@build.opensuse.org>
Needs to be extended by Apache project owner.
That was just a sample, I have been told that all repos are affected. And, AFAIK, there is no way to contact OBS maintainers.
1. there is a bug icon on the show project page, which gives you a nice "report a bug" link with the important fields prefilled already. This even works without logging in! 2. you got a bugzilla account. then you can login to the obs and go to https://build.opensuse.org/project/users?project=Apache each name has a nice mailto: link. so claiming "there is no way to contact obs maintainer" is just wrong. i extended the apache project key please stay on facts and dont claim wrong things. darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-08-03 12:14, Marcus Rueckert wrote:
On 2010-08-03 11:10:37 +0200, Carlos E. R. wrote:
On 2010-08-03 09:39, Marcus Meissner wrote:
On Tue, Aug 03, 2010 at 03:50:20AM +0200, Carlos E. R. wrote:
They are all obsolete.
Just a sample:
pub 1024D/BD6D129A 2008-01-22 [expired: 2010-04-01] uid Apache OBS Project <Apache@build.opensuse.org>
Needs to be extended by Apache project owner.
That was just a sample, I have been told that all repos are affected. And, AFAIK, there is no way to contact OBS maintainers.
1. there is a bug icon on the show project page, which gives you a nice "report a bug" link with the important fields prefilled already. This even works without logging in!
Link, please?
2. you got a bugzilla account. then you can login to the obs and go to https://build.opensuse.org/project/users?project=Apache each name has a nice mailto: link.
No! ALL, I repeat, *ALL* 11.3 repos are affected. Am I to report the issue on every single project? I am not using 11.3, I'm just a person forwarding a problem found in the forums by other people that are, it seems, not active in the mail lists and not familiar with Bugzilla. Can't you just find a way to verify that claim, as an insider, with tools that I do not have, and inform ALL the people affected? I can not do that, and I'm not affected. Gosh! How difficult you make things! :-/
so claiming "there is no way to contact obs maintainer" is just wrong.
No published way that I can know of. +++··································· <http://en.opensuse.org/Special:Search?search=how%20to%20contact%20obs%20maintainer> Search results tagline: From openSUSE No page title matches There is no page titled "how to contact obs maintainer". ···································++- There is no contact information in <http://en.opensuse.org/Package_repositories> There is no entry in Bugzilla for OBS, which is the standard openSUSE method of reporting bugs. There is no README in <http://download.opensuse.org/repositories/> or <http://download.opensuse.org/repositories/Apache/openSUSE_11.3/> where I can see how to contact them. If I open YAST, repo management, I don't see a button to display information about each repo, including who to contact.
i extended the apache project key
Thanks, but that was just a sample project tested. The claim is that all projects are affected. And it is not mine, I'm just the messenger. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxX8FwACgkQU92UU+smfQVyOACdE/0E9x/30Q0busrQGJQa4gsb I40An2tX6QEtUELGQaMuJ+v1HHZz7vRW =H//o -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On 2010-08-03 12:33:00 +0200, Carlos E. R. wrote:
Link, please?
https://build.opensuse.org/project/show?project=Apache
2. you got a bugzilla account. then you can login to the obs and go to https://build.opensuse.org/project/users?project=Apache each name has a nice mailto: link.
No! ALL, I repeat, *ALL* 11.3 repos are affected. Am I to report the issue on every single project?
given we created almost all project keys at the same time. of course they all expired around the same time.
I am not using 11.3, I'm just a person forwarding a problem found in the forums by other people that are, it seems, not active in the mail lists and not familiar with Bugzilla.
Can't you just find a way to verify that claim, as an insider, with tools that I do not have, and inform ALL the people affected?
http://build.opensuse.org/ is not an insider tool.
I can not do that, and I'm not affected.
Gosh! How difficult you make things! :-/
so claiming "there is no way to contact obs maintainer" is just wrong.
No published way that I can know of.
+++··································· <http://en.opensuse.org/Special:Search?search=how%20to%20contact%20obs%20maintainer>
you won the AI to create the wiki page. ;) darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-08-03 12:41, Marcus Rueckert wrote:
On 2010-08-03 12:33:00 +0200, Carlos E. R. wrote:
Link, please?
No mantainer or contact info there as far as I can see. If i link on the "Advanced" tab, then "users" tab, I get a list of users, I get a list, one of them named as bugowner, but it is not clickable. There is a link below named "Reporting a Bug", that goes to "http://en.opensuse.org/Submit_a_Bug", which is an empty, and I'm prompted to log in and create it. So?
2. you got a bugzilla account. then you can login to the obs and go to https://build.opensuse.org/project/users?project=Apache each name has a nice mailto: link.
No! ALL, I repeat, *ALL* 11.3 repos are affected. Am I to report the issue on every single project?
given we created almost all project keys at the same time. of course they all expired around the same time.
So? Nobody takes responsibility on repairing the issue? Do I tell the people not able to add repos to go to Fedora, instead?
I am not using 11.3, I'm just a person forwarding a problem found in the forums by other people that are, it seems, not active in the mail lists and not familiar with Bugzilla.
Can't you just find a way to verify that claim, as an insider, with tools that I do not have, and inform ALL the people affected?
http://build.opensuse.org/ is not an insider tool.
It is. There is no info for outsiders there. You may know of a method of verifying who has a bad key, and how to contact all of them, as an insider. I can't. Ok, I quit. It is not my problem, anyway. I'm tired of this. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxYBoMACgkQU92UU+smfQURjwCghYyXqzrv1qfwkmTaRvZBVU9M wqwAmweumyz9Uq4zlu14U8NlFZRuXtGM =Z/B9 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, Aug 03, 2010 at 02:07:31PM +0200, Carlos E. R. wrote:
On 2010-08-03 12:41, Marcus Rueckert wrote:
On 2010-08-03 12:33:00 +0200, Carlos E. R. wrote:
Link, please?
No mantainer or contact info there as far as I can see.
If i link on the "Advanced" tab, then "users" tab, I get a list of users, I get a list, one of them named as bugowner, but it is not clickable. There is a link below named "Reporting a Bug", that goes to "http://en.opensuse.org/Submit_a_Bug", which is an empty, and I'm prompted to log in and create it.
So?
This link was fixed.
2. you got a bugzilla account. then you can login to the obs and go to https://build.opensuse.org/project/users?project=Apache each name has a nice mailto: link.
No! ALL, I repeat, *ALL* 11.3 repos are affected. Am I to report the issue on every single project?
given we created almost all project keys at the same time. of course they all expired around the same time.
So?
Nobody takes responsibility on repairing the issue? Do I tell the people not able to add repos to go to Fedora, instead?
Wel, darix (Marcus Rueckert) took it, he posted on opensuse-packaging and -buildservice and lots of repos have been updated already. Also, I guess it would be possible to add the repos even with expired keys. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-08-03 17:23, Marcus Meissner wrote:
On Tue, Aug 03, 2010 at 02:07:31PM +0200, Carlos E. R. wrote:
So?
Nobody takes responsibility on repairing the issue? Do I tell the people not able to add repos to go to Fedora, instead?
Wel, darix (Marcus Rueckert) took it, he posted on opensuse-packaging and -buildservice and lots of repos have been updated already.
The bug has been repeatedly closed as WONTFIX. That's the only point where official reports should be made, and as I'm not a packager I don't follow that list. I have no way of knowing if anybody is telling on one place that it is not going to be fixed, SHOOOO! go away, and then, doing something else to repair it, or actually repairing anything. :-/ We tell people how fantastic is openSUSE with a zillion packages in the fantastic Build Service, but god help anybody having to report a problem with an OBS package, because it will be WONTFIXED. Who cares?
Also, I guess it would be possible to add the repos even with expired keys.
I have no way to know which they are, except by manually wgetting all of them, one by single one, importing to gpg, one by one, then verifying, one by one, then reporting, one by one finding the maintainer and mailing them, one by one. No, thanks. I'm very tired of all this. Next time I'll just shut up :-/ I'm sorry, I'm not mad at you; you just happen to be there. I'm mad at the system. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxYOX8ACgkQU92UU+smfQXrjQCfTPBopgzHebao0HcEyhx1qLbJ pM8AnRqiCOrHS7sFrFKhZ8fhaVKYK9mp =e5Ya -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
hi, If you would handle the whole issue a bit less emo and would work on a solution pragmatically instead, we would be much further in solving the issue. A tutorial has be posted on the 2 big packaging related lists to remind people to check their project keys. And people already looked into their projects. And i will see if i can come up with a script to find all expired keys. Complaining on as many channels as possible doesnt really get the issue forward. darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
And i will see if i can come up with a script to find all expired keys.
Might be worthwhile reporting (alerting package maintainers) for any keys going to expire in the next month / 6 weeks ... David -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On Tue, 03 Aug 2010, 18:06:47 +0200, Administrator wrote:
And i will see if i can come up with a script to find all expired keys.
Might be worthwhile reporting (alerting package maintainers) for any keys going to expire in the next month / 6 weeks ...
Another question which comes up immediately is, will the packages contained in the related repositories be re-signed with the new key? I'm asking because I recently found that the KDE:/KDE3/SLE_11 repository had a new key, but some packages in that repo were still signed with the old key... This is especially bad if you're just setting up a new system where you cannot import the old key anymore :-( Cheers. l8er manfred -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-08-03 17:55, Marcus Rueckert wrote:
hi,
If you would handle the whole issue a bit less emo and would work on a solution pragmatically instead, we would be much further in solving the issue.
Which nobody told me what would be. Just a line: "thanks for the report, we'll handle this in the {something} list" would have been enough. Instead, I got a bashing.
A tutorial has be posted on the 2 big packaging related lists to remind people to check their project keys. And people already looked into their projects.
Thanks.
And i will see if i can come up with a script to find all expired keys.
Thanks.
Complaining on as many channels as possible doesnt really get the issue forward.
I complained on bugzilla, got no reply, for something that is security related and thus urgent. After a day or two, I wrote to the project list. After getting no replies, I wrote to the security list. What did you expect me to do? I have been very patient. I only lost the nerve when told to shut up. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxYdcMACgkQU92UU+smfQVlCgCfRAsAjZGaauZF2IXDGQbyHNGh NDcAn2Vo1Ad0SpIdn13Du7k+tXUJ3mq4 =/269 -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Hello, Am Dienstag, 3. August 2010 schrieb Marcus Meissner:
Also, I guess it would be possible to add the repos even with expired keys.
Yes, it is. IIRC zypper (on 11.3) does not even warn about the expired key when adding a repo :-/ - at least I don't remember such a warning when adding my home:cboltz repo on a new server some days ago. (In the meantime I extended the key, you'll have to find another test object ;-) Is this expected behaviour or should I open a bugreport? Gruß Christian Boltz -- Die Wahrscheinlichkeit, daß sich: Message-Id: <1093808348.5574.1.camel@ratti> wiederholt, ist so gering, daß ich mich vorher lieber um eine unterbrechnungsfreie Stromversorgung, einen Wachdienst vor der Haustür und einen Atombunker kümmern sollte, weil die Wahrscheinlichkeit eines Mailverlusts durch diese Ereignisse deutlich größer ist. [Ratti in suse-linux] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-08-03 22:19, Christian Boltz wrote:
Hello,
Am Dienstag, 3. August 2010 schrieb Marcus Meissner:
Also, I guess it would be possible to add the repos even with expired keys.
Yes, it is. IIRC zypper (on 11.3) does not even warn about the expired key when adding a repo :-/ - at least I don't remember such a warning when adding my home:cboltz repo on a new server some days ago. (In the meantime I extended the key, you'll have to find another test object ;-)
It does complain. See coment #7 from Jon Cosby in the bugzilla. - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxYhIwACgkQU92UU+smfQXkiwCeOn4lhVp5oiaCZ67Tzz2KRHet GgYAoJBQkuhCDVkzqu06tGn+QORpYSD9 =YigR -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
Hello, Am Dienstag, 3. August 2010 schrieb Marcus Rueckert:
1. there is a bug icon on the show project page, which gives you a nice "report a bug" link with the important fields prefilled already. This even works without logging in!
Well, it will require a login in bugzilla ;-) The bad thing is that the "report a bug" link exposes mail adresses to spammers :-( The link looks like this: (line breaks added for readability, mail address changed) <a href="https://bugzilla.novell.com/enter_bug.cgi?classification=7340&; product=openSUSE.org&component=3rd%20party%20software& assigned_to=foo@example.com <---------------- spammer food &short_desc=home:cboltz:%20Bug"> I see two options to make this link spammer-proof: a) easy to implement: show it only after login (downside: it makes it harder for an average user to report a bug) b) more implementation work, but user-friendly: place a script on bugzilla.novell.com that can "translate" usernames to mail addresses, so that the link can look like this: https://bugzilla.novell.com/enter_obs_bug.cgi? assigned_to=cboltz <----------- username instead of mail address &short_desc=home:cboltz:%20Bug"> The username is useless for spammers. Problem solved. Additionally the link can be shorter because some parameters are equal on all OBS projects. The enter_obs_bug.cgi script has to do the following things: 1. enforce bugzilla login 2. look up the mail address for the given username 3. redirect to enter_bug.cgi with the correct parameters, including the mail address for assigned_to=... Regards, Christian Boltz --
The kernel will stay the same between SUSE Linux 10.1 and SLE10 - it just might be that we release them at different days, Good. Let the SLED customers test it for us first ;) [> Andreas Jaeger and Martin Schlander in opensuse] -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
On 2010-08-03 11:10:37 +0200, Carlos E. R. wrote:
pub 1024D/6B9D6523 2006-05-24 [expired: 2008-05-23] uid openSUSE Build Service <buildservice@opensuse.org> [snip] http://download.opensuse.org/repositories/GNOME:/STABLE:/2.30/openSUSE_11.3/...
the gnome project runs their own key: gpg --fingerprint 629FF0C2 pub 1024D/629FF0C2 2008-01-22 [expires: 2012-10-11] Key fingerprint = D3CA F513 5D0A 8F97 AB53 9ED3 65A8 6F31 629F F0C2 uid GNOME OBS Project <GNOME@build.opensuse.org> darix -- openSUSE - SUSE Linux is my linux openSUSE is good for you www.opensuse.org -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 2010-08-03 12:26, Marcus Rueckert wrote:
On 2010-08-03 11:10:37 +0200, Carlos E. R. wrote:
pub 1024D/6B9D6523 2006-05-24 [expired: 2008-05-23] uid openSUSE Build Service <buildservice@opensuse.org> [snip] http://download.opensuse.org/repositories/GNOME:/STABLE:/2.30/openSUSE_11.3/...
the gnome project runs their own key: gpg --fingerprint 629FF0C2 pub 1024D/629FF0C2 2008-01-22 [expires: 2012-10-11] Key fingerprint = D3CA F513 5D0A 8F97 AB53 9ED3 65A8 6F31 629F F0C2 uid GNOME OBS Project <GNOME@build.opensuse.org>
darix
That's just another sample repo I tested. *ALL* are affected (not my claim). - -- Cheers / Saludos, Carlos E. R. (from 11.2 x86_64 "Emerald" GM (Elessar)) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.12 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org/ iEYEARECAAYFAkxX8K8ACgkQU92UU+smfQWSiwCfW9c+ge6koUf6VbRL+QJ2PnIS 1gYAn30z3vb1TMjEqpP+4Utr7NIJSn3w =Kq+i -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org
participants (6)
-
Administrator -
Carlos E. R. -
Christian Boltz -
Manfred Hollstein -
Marcus Meissner -
Marcus Rueckert