[Bug 461957] Please make available the PGP key IDs on a non wiki web page

http://bugzilla.opensuse.org/show_bug.cgi?id=461957 http://bugzilla.opensuse.org/show_bug.cgi?id=461957#c6 Andreas Stieger changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |ma@suse.com --- Comment #6 from Andreas Stieger --- (In reply to Carlos Robinson from comment #0)

And of course, keys must be signed by a master key, forming a web of trust.

Being signed by a master key does NOT create a web of trust. In other words, how do you know that you can trust the particular master key you have been shown? (Hint: it's not HTTPS). Also note that the underlying package manager rpm has the restriction that the keys are one-for-all, meaning all keys imported into the rpm database will be sufficient for ALL packages, regardless of their source.' I talked to the libzypp maintainer about this and we may come up with a meaningful proposal on this. -- You are receiving this mail because: You are on the CC list for the bug.