On Fri, May 11, 2012 at 01:02:43PM +0200, Carlos E. R. wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On 2012-05-11 12:16, Josef Wolf wrote:
On Thu, May 10, 2012 at 11:37:23PM +0200, Carlos E. R. wrote:
It is supplied by suse because it is in the core repository which is supplied by suse.
Which is usually supplied to me by mirrors. Then chain of security can be intercepted even if downloaded from suse because the server is not https.
The same holds true for _every_ security patch you install. You surely install security patches, don't you? BTW: shouldn't the packages be signed to keep mirrors from manipulating them? I hope those keys are not just for fun? -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org