GPG-pubkeys

[linux_learner]

Not just in smart's role, but in yum, apt, YaST, even email. Microsoft
also uses something like it. They call it ActiveX. ActiveX is nowhere
near as good as gpg. This is a security feature to make sure that
things are recieved as they are sent. For example, If someone gets the
package and alters it, and then resubmits it to the site, the gpg key
(iirc) becomes broken and invalid.

On 9/11/06, Basil Chupin <blchupin at tpg.com.au> wrote:
> Christoph Thiel wrote:
> > On Sat, 9 Sep 2006, Basil Chupin wrote:
> >
> >> Further to the earlier thread, "F**** annoying unavailable keys", but on
> >> a slightly different tack, is there a way to make smart to simply
> >> *accept* an offered gpg-key when smart is upgrading a package rather
> >> than have it sit like a shag on a rock waiting for me (for example) to
> >> click on YES so that smart can continue with the download of the
> >> package?
> >
> > This would render any kind of key checking useless, as smart would accept
> > any key that's available on the configured keyserver.
> >
> > I'm currently looking into enabling -y / --yes to work with key checking
> > as well, so you could just use "smart upgrade -y" then... however, it's
> > just like completly turning of key checking in the end.
>
> I am just a bit lost here....
>
> I don't remember having to accept a gpg-key from each and every source
> of upgrades for my OS (SUSE) but only 2 or possibly 3 sites had to have
> their gpgs accepted or rejected (but who in their right mind would do
> that anyway?). So, what is the big deal about these gpg-keys when they
> are not universally used?
>
> Or have I missed something (more than likely!) and the use of gpg-keys
> is an integral part of any upgrades from any source and smart just will
> not so any upgrades unless the necessary key is accepted?
>
> I simply don't know how or why these keys play such a "vital" role in
> smart's upgrade process.
>
> Cheers.
>
> --
> This computer is environment-friendly and is running on OpenSuSE 10.1
>