Op zondag 18 december 2005 10:50, schreef MJang:

Folks,

per http://www.opensuse.org/Additional_YaST_Package_Repositories, there's a bit of a warning:

YaST fully trusts installation sources and does not perform any kind of authenticity verification on the contained packages. So be careful when adding installation sources on the Internet.

I guess that means there's no GPG key for other installation sources.

Is there any other way to verify installation sources, such as Packman or Guru, or even the standard mirrors listed at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html, or am I just being paranoid?

You can use apt. It check each package on each gpg key. Further more it is easy to obtain the gpg keys. More about it on http://linux01.gwdg.de/apt4rpm However, suse is moving into yum and smartpm... -- Richard Bos Without a home the journey is endless

MJang:

Folks,

per http://www.opensuse.org/Additional_YaST_Package_Repositories, there's a bit of a warning:

YaST fully trusts installation sources and does not perform any kind of authenticity verification on the contained packages. So be careful when adding installation sources on the Internet.

I guess that means there's no GPG key for other installation sources.

Is there any other way to verify installation sources, such as Packman or Guru, or even the standard mirrors listed at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html, or am I just being paranoid?

Thanks, Mike

Guru's RPM Signing Key rpm --import http://linux01.gwdg.de/~pbleser/guru-rpm.asc

Op zondag 18 december 2005 10:50, schreef MJang:

Folks,

per http://www.opensuse.org/Additional_YaST_Package_Repositories, there's a bit of a warning:

YaST fully trusts installation sources and does not perform any kind of authenticity verification on the contained packages. So be careful when adding installation sources on the Internet.

I guess that means there's no GPG key for other installation sources.

Is there any other way to verify installation sources, such as Packman or Guru, or even the standard mirrors listed at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html, or am I just being paranoid?

You can use apt. It check each package on each gpg key. Further more it is easy to obtain the gpg keys. More about it on http://linux01.gwdg.de/apt4rpm However, suse is moving into yum and smartpm... -- Richard Bos Without a home the journey is endless

MJang:

Folks,

per http://www.opensuse.org/Additional_YaST_Package_Repositories, there's a bit of a warning:

YaST fully trusts installation sources and does not perform any kind of authenticity verification on the contained packages. So be careful when adding installation sources on the Internet.

I guess that means there's no GPG key for other installation sources.

Is there any other way to verify installation sources, such as Packman or Guru, or even the standard mirrors listed at http://www.novell.com/products/suselinux/downloads/ftp/int_mirrors.html, or am I just being paranoid?

Thanks, Mike

Guru's RPM Signing Key rpm --import http://linux01.gwdg.de/~pbleser/guru-rpm.asc