GPG-pubkeys
Basil Chupin
blchupin at tpg.com.au
Mon Sep 11 08:45:10 PDT 2006
Jeff Johnson wrote:
>
> On Sep 11, 2006, at 11:32 AM, Basil Chupin wrote:
>
>> Jeff Johnson wrote:
>>>
>>> Meanwhile, there are other ways to distribute and install public keys
>>> that
>>> do not involve human interaction. E.g. importing the handful of
>>> public keys
>>> for the repository uses will avoid the necessity of answering yes
>>> mindlessly.
>>
>> Which is what I am trying to suggest could be done to avoid
>> uncompleted upgrades by using methods which do not involve human
>> intervention.
>>
>
> Which is what I am suggesting as well. ;-)
>
> FYI: checksums are easier to fake than signatures, and so signatures
> provide a stronger
> integrity check.
Ok, understood, but I think the point here, which I am trying to nail,
is that from what you just said, and what I understand gpgs to
represent, is that gpgs apply to "sites* and not individual packages so
that once "you" accept the gpg for a *site* any package which is on that
site will be accepted without question by smart as an upgrade.
Cheers.
--
This computer is environment-friendly and is running on OpenSuSE 10.1
More information about the Smart
mailing list