Re: trust update servers?
- From: David Bolt <blacklist-me@xxxxxxxxxx>
- Date: Fri, 28 Sep 2007 04:39:16 +0100
On Thu, 27 Sep 2007, takeout wrote:-
Just wondering, what kind of trust or authentication mechanism is used
by Yast Online Update? I know its some kind of public key system... When
I trust an update source and add it, am I trusting Suse/Novell, or just
that update server? Like I use mirrors.kernel.org. Am I trusting them or
are they just hosting files that are signed by the openSUSE team?
Why not check and see. The key you're going to be importing/trusting is
content.key . This just so happens to be exactly the same as the file
media.1/products.key, and also gpg-pubkey-9c800aca-40d8063e.asc .
To check it, all you need to do is import it into your own GPG key-ring.
If/when you do, you should see something like this:
davjam@adder:/local/temp> gpg --import gpg-pubkey-9c800aca-40d8063e.asc
gpg: key 9C800ACA: "SuSE Package Signing Key <build@xxxxxxx>" 2 new signatures
gpg: Total number processed: 1
gpg: new signatures: 2
gpg: 3 marginal(s) needed, 1 complete(s) needed, PGP trust model
gpg: depth: 0 valid: 1 signed: 0 trust: 0-, 0q, 0n, 0m, 0f, 1u
Regards,
David Bolt
--
Member of Team Acorn checking nodes at 100 Mnodes/s: www.distributed.net
RISC OS 3.11 | SUSE 10.0 32bit | SUSE 10.1 32bit | openSUSE 10.2 32bit
RISC OS 3.6 | SUSE 10.0 64bit | SUSE 10.1 64bit | openSUSE 10.2 64bit
TOS 4.02 | SUSE 9.3 32bit | | openSUSE 10.3b2 32bit
.
- Follow-Ups:
- Re: trust update servers?
- From: houghi
- Re: trust update servers?
- References:
- trust update servers?
- From: takeout
- trust update servers?
- Prev by Date: trust update servers?
- Next by Date: Re: need help with rc1 please.
- Previous by thread: trust update servers?
- Next by thread: Re: trust update servers?
- Index(es):
Relevant Pages
|
