Comments on: openSUSE Build Service 1.8 and 2.0 Announced http://news.opensuse.org/2010/06/09/opensuse-build-service-1-8-and-2-0-announced/ The latest news from the openSUSE project Mon, 20 May 2013 18:01:25 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Olaf http://news.opensuse.org/2010/06/09/opensuse-build-service-1-8-and-2-0-announced/comment-page-1/#comment-8772 Olaf Fri, 11 Jun 2010 16:24:59 +0000 http://news.opensuse.org/?p=3468#comment-8772 Thanks for your explanation.

My questions was related to the following two situation:
- I add a new repository and YaST offers to import it. Can I then trust YaST to either download the key over a secure connection (such as ssh), or to fetch the key fingerprint via a secure connection
- Sometimes the key for the repository changes for technical reasons. zypper then asks me to confirm the new fingerprint. But I did not find any secure page for looking up the fingerprint. I then asked in IRC and was told that securely looking up the fingerprint is unnsupported by OBS, unless you are a developer with an account. I was wondering whether this problem was fixed in the current version.

Olaf

]]> By: adrian http://news.opensuse.org/2010/06/09/opensuse-build-service-1-8-and-2-0-announced/comment-page-1/#comment-8766 adrian Thu, 10 Jun 2010 16:48:13 +0000 http://news.opensuse.org/?p=3468#comment-8766 The key is part of the repositories. Packagemanagers like zypper or YaST offer to import it when you add the repo.

But you can also download and import it manually from the repodata directory.

The download redirector is always delivering it itself btw, so it does not come from a mirror.

]]> By: Olaf http://news.opensuse.org/2010/06/09/opensuse-build-service-1-8-and-2-0-announced/comment-page-1/#comment-8765 Olaf Thu, 10 Jun 2010 15:01:05 +0000 http://news.opensuse.org/?p=3468#comment-8765 Is there now a way to publically check the PGP keys used for signing the repositories? Or can only people with accounts check the validity of these keys (such as before)?

]]>