On Fri, Mar 14, 2008 at 12:10:43AM +0100, Pascal Bleser wrote:
|> There is also the question of how to distribute the public key for a |> debian repository. As I understand it debian repositories do not |> normally contain the public key as in most openSUSE repositories[5]. |> The .apt format proposal has the public key included in the file. This |> is one possibility, although in my opinion it would be better to have |> it available in the repositories like openSUSE, this would allow other |> mechanisms for adding the repository to locate the key as well. Bear |> in mind that one of the requirements is to keep the file format as |> simple as possible, the less information that is mandatory in the file |> the better. | | <repository> | ... | <pubkey href="http://example.com/p.key"/> | or | <pubkey> | -----BEGIN PGP PUBLIC KEY BLOCK----- | Version: GnuPG v1.4.2.2 (GNU/Linux) | | mQGiBD/G9AgRBACZ519LX9cdoyJA+7gmWC+mUsiyPhnmMWu4uOg0M+vb/JPtDdfc | ... | </pubkey> | or, if not specified, it defaults to the usual suse location, for | backwards compatibility. | </repository> | | Well, reagrding signing the YMPs themselves, we may have a clash | between GPG and XML, I don't know how to resolve that.
Indeed. Even if the risk of collisions isn't as high when using a CDATA section: <repository> ~ ... ~ <pubkey><![CDATA[ - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v1.4.2.2 (GNU/Linux)
mQGiBD/G9AgRBACZ519LX9cdoyJA+7gmWC+mUsiyPhnmMWu4uOg0M+vb/JPtDdfc ... ]]> </pubkey>
But still. If the ASCII-armoured PGP public key token includes the sequence "]]>" then it will break.
No, that is not a problem. The characters used are [A-Za-z0-9/+] and these don't need escaping: http://en.wikipedia.org/wiki/Base64#OpenPGP What I meant was that signing a file can be done by wrapping its contents in the GPG signature, which obviously breaks XML well-formedness. But this is actually not a big problem since we are used to detached signatures like repomd.xml has repomd.xml.asc. -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu -- To unsubscribe, e-mail: opensuse-softwaremgmt+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-softwaremgmt+help@opensuse.org