[packman] packages signed with two different keys?

Mathias Homann admin at eregion.de
Mon Jan 11 11:22:38 CET 2010

Am Montag, 11. Januar 2010 10:40:06 schrieb Kyrill Detinov:
> Monday 11 January 2010
> On Monday 11 January 2010 11:55:45 Mathias Homann wrote:
> > Seems that the packman build service uses more than one key... and
> > zypper can't handle that...
> >
> >
> > any fixes?
> There is a package rpmkey-packman in repository.

that's not the point.
the point is that zypper can, and will, fetch the appropriate key from within 
the repository. BUT for this to work it can only be ONE key, not more than 
OBS (which from what i understand is the underlying build environment) does 
exatly that: it signs all packages with the same key.
So, if there are packages in packman that are signed with a different key, 
they HAVE to be from a different source... which might not be trustworthy.
After all, that's what signing packages is all about.


More information about the Packman mailing list