On Tue, Apr 04, 2006 at 02:29:58PM +0200, Joachim Werner wrote:
<snip great explanation>
> Now for the problems with YaST and installation sources you may have faced in
> the last couple of days:
>
> The problem is that the signature checks are already in place, but the GUI
> and
> command line options that let you import non-SUSE keys, override key checking
> and integrity checking are not in place yet.
OK. That was what I figured out eventually. ;-)
> With the final product you will be able to switch all the checks off, so you
> can still use sources that do not use any signing or checksums. But currently
> there are a few bugs with YaST expecting a signature to be there etc.
Somehow I managed to work around that and get non-signed RPM's on a iso.
This with just editing the content of one file. This means that even
though people think they have the real deal, they might get an infected CD
or DVD.
Does this then not kill of the purpose of the signing? It makes it possibe
to get insecure things installed. All it does is remove the ^META and ^KEY
from ./content.
Don't get me wrong, I understand the need for signing, as long as there is
way around it for those who want it (at their own risk)
Thanks for the clear explanation. I will re-read it and might come back
with extra questions later.
houghi
--
Nutze die Zeit. Sie ist das Kostbarste, was wir haben, denn es
ist unwiederbringliche Lebenszeit. Leben ist aber mehr als Werk
und Arbeit, und das Sein wichtiger als das Tun
- Johannes Müller-Elmau
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
