On Tue, May 17, 2016 at 11:13:16AM +0200, Bjoern Voigt wrote:
Marcus Meissner wrote:
On Tue, May 17, 2016 at 10:39:48AM +0200, Bjoern Voigt wrote:
Is there a reliable source for verifying the PGP keys for extra and home repositories of the openSUSE build service?
Not all keys can be found in the public key servers (like https://sks-keyservers.net/i/). Where else can I find them all? You could download them from the OBS api directly over https.
e.g. like:
osc signkey home:msmeissn > msmeissn.asc Thanks. This is a very good solution. This hint should be documented more popular in the openSUSE end-user documentation (e.g. directly here: https://software.opensuse.org/). Currently it can be found, but only in openSUSE build service docs.
I found, that nobody signed the example home-key I used for testing. Is each developer responsible for distributing his key (e.g. on a keyserver) and that his contacts sign his key?
Basically yes, we are not doing the gpg tree of trust in the OBS. Ciao, Marcus -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org