14 May 2012, 10:39
On Sun, May 13, 2012 at 04:07:04PM +0200, Carlos E. R. wrote:
Which is usually supplied to me by mirrors. Then chain of security can be intercepted even if downloaded from suse because the server is not https.
The same holds true for _every_ security patch you install. You surely install security patches, don't you?
Yes, but those patches are signed, and security is maintained.
The problem arises when the update repo changes key, there is no secure channel to update the key.
But this is a generic problem with _all_ updates and in no way related to the question whether to put third-party keys into rpm's.