[packman] digests SIGNATURES NOT OK

Stefan Seyfried stefan.seyfried at googlemail.com
Sun Dec 12 11:04:23 CET 2021


On 12.12.21 09:20, Marc Schiffbauer wrote:
> Hi Giacomo,
> 
> we should really create a new gpg key for the repo.
> 
> @Stefan: What do you think?

Another Stefan here, but still ;-)

Changing the key should be advertised in advance, in prominent places.

Really the best solution (if possible) would be if the new key could be 
signed by the old one and thus automatically accepted by zypper et al.
I have no idea if this is even possible, nor how to implement it in OBS. 
A plain "osc signkey --create" will simply wipe the old one and create a 
new key, but that would cause a bad user experience :-(

Maybe we should ask security-team at suse.de for help on how to handle this 
best? They surely must be prepared for updating a key.
-- 
Stefan Seyfried

"For a successful technology, reality must take precedence over
  public relations, for nature cannot be fooled." -- Richard Feynman


