GPG-pubkeys

[Monkey 9]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1



Jeff Johnson schreef:
> 
> On Sep 11, 2006, at 11:45 AM, Basil Chupin wrote:
> 
>> Jeff Johnson wrote:
>>> On Sep 11, 2006, at 11:32 AM, Basil Chupin wrote:
>>>> Jeff Johnson wrote:
>>>>>
>>>>> Meanwhile, there are other ways to distribute and install public
>>>>> keys that
>>>>> do not involve human interaction. E.g. importing the handful of
>>>>> public keys
>>>>> for the repository uses will avoid the necessity of answering yes
>>>>> mindlessly.
>>>>
>>>> Which is what I am trying to suggest could be done to avoid
>>>> uncompleted upgrades by using methods which do not involve human
>>>> intervention.
>>>>
>>> Which is what I am suggesting as well. ;-)
>>> FYI: checksums are easier to fake than signatures, and so signatures
>>> provide a stronger
>>> integrity check.
>>
>> Ok, understood, but I think the point here, which I am trying to nail,
>> is that from what you just said, and what I understand gpgs to
>> represent, is that gpgs apply to "sites* and not individual packages
>> so that once "you" accept the gpg for a *site* any package which is on
>> that site will be accepted without question by smart as an upgrade.
>>
> 
> The administriation and distribution of public keys tend to be per-site
> yes.
> 
> Meanwhile, the use of public keys is per-package signature verification.
> 
> 73 de Jeff

As long as the upgrade does not stop, after a so called 'unavailable
key' there is only the problem from the unavailable key.

But, when after not finding the key, everything stops, the downloaded
packages sit, waiting for to be installed...
that is what happens...

It fucked up my os, and i had to reinstall, after which i upgraded to
SuSE 10.1, which does not have this problem at all.

M9.
> 
> 
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org

iD8DBQFFBYggX5/X5X6LpDgRAmSiAKCHdLzlQJECYePxKbTVETf1pdWKjgCgqOM6
DBSFP/67ziLpUWv+tRuB0C4=
=Z9Ne
-----END PGP SIGNATURE-----