GPG-pubkeys
Christoph Thiel
cthiel at suse.de
Mon Sep 11 08:48:26 PDT 2006
On Tue, 12 Sep 2006, Basil Chupin wrote:
> > > I don't remember having to accept a gpg-key from each and every
> > > source of upgrades for my OS (SUSE) but only 2 or possibly 3 sites
> > > had to have their gpgs accepted or rejected (but who in their right
> > > mind would do that anyway?). So, what is the big deal about these
> > > gpg-keys when they are not universally used?
> >
> > That's because we only have 2 major keys for SUSE / openSUSE -- one
> > for the distribution and the other one for the Build Service.
>
> Ok, so what you seem to be suggesting is that I would have had to
> manually accept those keys at some early stage before smart did any
> upgrading from these sources and now the upgrades are done without me
> being questioned about the gpgs?
Those two keys are installed by default.
> At the same time, are these same keys used by all the mirrors which are
> listed in smart's list of mirrors used for upgrading?
The keys that you are seeing are most likely Packman or someone elses.
Smart doesn't know about them before you actually try to install a
package, which is why it tries to get/import the key when you install the
package.
I don't think you'll add new repos very often, so you won't run into the
"do you want to import the key" that often.
Any patch that improves the situation will be very much appreciated!
Regards
Christoph
More information about the Smart
mailing list