Hi Albert,

Hi!

The key

build@suse.de ID 9C800ACA 1024 bit DSA key, expires 2002-10-19

has expired two days ago. Unfortunately, the security updates are still signed with this key, which prevents the verification of their validity. Furthermore, I haven't found a reference to the new key @www.suse.com.

Please publish a new key and use it to sign all packages.

You should direct this kind of questions to security@suse.de. It's good luck that the security team read suse-security@ every once in a while. There are four sources for this key: 1. the first CD contains the keyring in the root directory. 2. It is on ftp://ftp.suse.com/pub/suse/pubring.gpg-build.suse.de 3. It is on http://www.suse.de/de/security/build_security_pgp.html 4. It is contained in the package suse-build-key, or aaa_base in older distributions. 5. It is on the keyservers. I use blackhole.pca.dfn.de. I have prolonged the key's expiration date earlier this year, and since the key is only used by the system to verify rpm signatures, it shouldn't cause any harm to have an expired key in the keyring. If you feel annoyed by this fact, you can simply import the key again from one of the sources above. Problems: 1. We have failed to bring the updated key to the CD. 3. updated yesterday. 4. Sould be fine in 8.1. 5. is updated since some days.

Best regards,

Albert Brandl

Thanks, Roman. -- - - | Roman Drahtmüller <draht@suse.de> // "You don't need eyes to see, | SuSE Linux AG - Security Phone: // you need vision!" | Nürnberg, Germany +49-911-740530 // Maxi Jazz, Faithless | - -