Mailinglist Archive: opensuse-buildservice (266 mails)

Re: [opensuse-buildservice] obs-service-gpg-offline
Michal Vyskocil wrote:
On Tue, Jan 08, 2013 at 04:43:02PM +0100, Stanislav Brabec wrote:

Well, even worse. What if the author of the-tiny-game-0.1.tar.gz.asc
tried to submit httpd-2.4.3.tar.bz2.asc signed by his key? The signature
check will pass!

Well, no one said that in the web of trust model the .keyring changes
won't be checked. But it was just an idea; I would say that the current
incarnation is secure and flexible enough.

Well, it could make sense. Just a question.

What is better:
- adding keys in that keyring to web of trust
- signing the keyring file during submitting to Factory

Best Regards / S pozdravem,

Stanislav Brabec
software developer
SUSE LINUX, s. r. o. e-mail: sbrabec@xxxxxxx
Lihovarská 1060/12 tel: +49 911 7405384547
190 00 Praha 9 fax: +420 284 028 951
Czech Republic
