GPG-pubkeys
Basil Chupin
blchupin at tpg.com.au
Mon Sep 11 08:32:28 PDT 2006
Jeff Johnson wrote:
>
> On Sep 11, 2006, at 10:50 AM, Basil Chupin wrote:
>
>> Christoph Thiel wrote:
>>> On Sat, 9 Sep 2006, Basil Chupin wrote:
>>>> Further to the earlier thread, "F**** annoying unavailable keys",
>>>> but on a slightly different tack, is there a way to make smart to
>>>> simply *accept* an offered gpg-key when smart is upgrading a package
>>>> rather than have it sit like a shag on a rock waiting for me (for
>>>> example) to click on YES so that smart can continue with the
>>>> download of the package?
>>> This would render any kind of key checking useless, as smart would
>>> accept any key that's available on the configured keyserver.
>>> I'm currently looking into enabling -y / --yes to work with key
>>> checking as well, so you could just use "smart upgrade -y" then...
>>> however, it's just like completly turning of key checking in the end.
>>
>> I am just a bit lost here....
>>
>> I don't remember having to accept a gpg-key from each and every source
>> of upgrades for my OS (SUSE) but only 2 or possibly 3 sites had to
>> have their gpgs accepted or rejected (but who in their right mind
>> would do that anyway?). So, what is the big deal about these gpg-keys
>> when they are not universally used?
>>
>> Or have I missed something (more than likely!) and the use of gpg-keys
>> is an integral part of any upgrades from any source and smart just
>> will not so any upgrades unless the necessary key is accepted?
>>
>> I simply don't know how or why these keys play such a "vital" role in
>> smart's upgrade process.
>>
>
> Public keys are a vital part of insuring that a rpm package has not been
> tampered with.
>
> Public key management, new in recent smart, basically
> Is it okay to import this public key (Y/n)?
> requires interaction with the end-user for new public keys.
>
> Meanwhile, there are other ways to distribute and install public keys that
> do not involve human interaction. E.g. importing the handful of public keys
> for the repository uses will avoid the necessity of answering yes
> mindlessly.
Which is what I am trying to suggest could be done to avoid uncompleted
upgrades by using methods which do not involve human intervention.
Cheers.
--
This computer is environment-friendly and is running on OpenSuSE 10.1
More information about the Smart
mailing list