On Thu, Jun 1, 2023 at 10:04 PM Till Dörges <doerges@pre-sense.de> wrote:
On 24.05.23 09:20, cagsm wrote:
how will the zypper dup work coming from 15.4? It appears that this problem hasn't been solved, yet. I just tried this on a fully patched 15.4: --- snip --- box154:~ # zypper clean -a box154:~ # zypper --releasever 15.5 ref [...] New repository or package signing key received:
Repository: Update repository of openSUSE Backports Key Fingerprint: F044 C2C5 07A1 262B 538A AADD 8A49 EB03 25DB 7AE0 Key Name: openSUSE:Backports OBS Project <openSUSE:Backports@build.opensuse.org> Key Algorithm: RSA 4096 Key Created: Wed May 10 16:46:12 2023 Key Expires: Sun May 9 16:46:12 2027 Rpm Name: gpg-pubkey-25db7ae0-645bae34 [...] Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): ^C --- snip ---
It would be nice if the new key landed automatically on *existing* 15.4 installations.
exactly, how is the transition from 15.4 leap install to 15.5 in terms of these seemingly endless security and trust related questions about unknown pgp keys, signatures, checksums and all this stuff can please somebody of the project and opensuse grandmasters answer this question. really do. how does the normal user trust your system and how does one build up a history of a long running opensuse experience and not always start life over with every new opensuse release? methinks i have come across these very same situations like the past ten or so years with my endeavors into the opensuse universe. and its always the same. this project simply doesnt seem to care about to publish their pgp keys properly transparently and very openly and in an organized way as a trustworthy project, so many things are left unanswered on even these fundamental levels. why wouldnt you already have published these keys into the still current 15.4 version of your operating system project and sign the new keys for example with the old keys and establish a chain of trust and all this how is the whole community dealing with this actually? do people just not care at all or can not decide and judge these situations and click left and right everything that comes along their way and pops up infront of them? :(