Donnerstag, 1. November 2007 Michal Marek:
> Wolfgang Woehl wrote:
> > Dienstag, 30. Oktober 2007 Marcus Meissner:
> >> A good trust management for keys was requested for several releases now,
> >> but has not happened so far.
> >
> > Where can you even review which keys yast/zypper uses?
>
> rpm -qi gpg-pubkey | less
> (these are keys imported into the rpm db, but they'll usually match
> those used to sign the repos).
>
> find /var/lib/zypp/ -name '*.key' | xargs -L 1 gpg
> are the keys used by zypp.
Hi Michal,
So, please correct me if I'm wrong, in order to link, say, the packman
key I
have in rpmdb to some factual trust information like packman's website I have
to
1. rpm -qi gpg-pubkey > rpmdb-signing_keys.txt (I don't see how you can
fingerprint these with rpm so you need to ...)
2. gpg --import rpmdb-signing_keys.txt
3. gpg --fingerprint
in the console?
There is no way in yast to do this. Which leaves the majority of people with
the non-choice of accepting a key they cannot check in order to install a
package.
Why do I have the feeling that I must be missing something here? That this
just cannot be?
Wolfgang
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
