Mailinglist Archive: opensuse-security (109 mails)

< Previous Next >
Re: [suse-security] APT & RPM signatures
  • From: Administrator <admin@xxxxxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Thu, 2 Mar 2006 16:29:49 +0000
  • Message-id: <200603021629.49588.admin@xxxxxxxxxxxxxxxxxxxxxxxxxx>
On Thursday 02 March 2006 11:57, Michel Messerschmidt wrote:
> >>>> Suffice to say that I have 2 sig keys missing, IDs 8750d2c4 and
> >>>> 2e80fbc2. I can't find rpmkey rpms for them. I have found the keys
> >>>> and downloaded them. They load into Kgpg on the SuSE box without
> >>>> complaint. RPM ignores them after import - key IDs not listed in 'rpm
> >>>> -qa gpg-pubkey*'.
>
> RPM can't deal with all types of signatures on a key.
> At the moment I'm not quite sure which type causes the
> problem, but I think it were "v2" signatures.
> You must remove all rpm-incompatible signatures from a key
> before the rpm import will be successful.

I think this means that some of the rpms fetched by apt4suse have signatures
which can't be checked ... and they're signed by the "suse.de" team!

Is there any way round this without turning off signature checking?

Thanks
David

< Previous Next >