On 2014-03-14 21:04, Jason wrote:
On Friday, March 14, 2014 08:48:20 Adrian Schröter wrote:
Your clock might be wrong, too fast. It is now 19:24.
Fail at comprehension:) Thank you.
FWIW, I'd prefer for zypper to:
1. Halt with a warning when digest check fails (ie no options to be dealt with) 2. Do not install package if key is not matching. I do understand the process more or less now, thank you gentlemen for explaining it to me so I see how this is is the _least_ possible issue.
As I understand it, the repository metadata is signed, and both YaST and zypper will give a big warning if the signature check (of the metadata) fails. Individual packages are signed, but the signatures are not verified. However, those packages are listed in the metadata, with checksums, so that if a single package does not match the metadata contained checksum, you will get a warning. Zypper/yast would not install that package, as bad. So the overall process is gpg signed :-) -- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)