2012/5/28 Carlos E. R.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-05-28 02:35, Nelson Marques wrote:
2012/5/28 Carlos E. R. <>:
But still what you say doesn't make much sense, because the keys are actually the ones from openSUSE, so the RPMs verification should still work.
And how do you know that they come from them? >:-)
Your mirror can sign the metadata and the data with a key that says is from openSUSE but it is not. When you run zypper or yast, you get a message box that says that it has to import a new key, so you do.
(There is absolutely no way in what you can verify the origin and validity of those keys)
Hacked. >:-)
No, openSUSE got hacked and leaked their keys... can you sign RPMS with just the public key ? :) If you do.... then thats quite a feature.
- -- Cheers / Saludos,
Carlos E. R. (from 11.4 x86_64 "Celadon" at Telcontar) -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.16 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk/CzOcACgkQIvFNjefEBxp1ewCeLw3chMaoSf1vyYexNbzpi8iy k7UAoLFg5LOlY6oR3+jf/C+QMmU+EMZS =xe4S -----END PGP SIGNATURE----- -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org
-- Nelson Marques // I've stopped trying to understand sandwiches with a third piece of bread in the middle... -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org