On Mon, Oct 08, 2007 at 08:34:36AM -0400, darko g wrote:
On 10/8/07, Marcus Meissner
wrote: How do I safely use the gnupg key system for repositories? Is accepting these keys when adding repositories with yast the preferred way? And if so how can I tell these are the correct keys?
SUSE repos - no import dialog should appear, the keys are preconfigured.
other repos - the id and the fingerprint is shown and you should review them (and can fetch the key in another shell and use GPG to check it).
What about rootkits? How do I protect my system for rootkits when downloading rpm's from sites such as rpmbone?
Hello, where does Yast keep the keys?
In the RPM database. rpm -qa|grep gpg-pubkey You can remove them with "rpm -e" for instance. There is no GUI for it yet. Ciao, Marcus --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org