Results 1 to 7 of 7

Thread: OpenOffice Repository

  1. #1

    Default OpenOffice Repository

    I've been using the OpenOffice.org STABLE repository since I installed OpenSuse a few weeks ago. Now all of a sudden, when I open the Software Manager, it asks me to import the key, even though I imported it when I added the repository originally. All the other repostories refresh normally. Has the key changed? Or has the repository been hacked? How are we to know when it's safe to import a new key? Presumably the trusted key thing isn't meant to change ever, or it would defeat the point!

    Index of /repositories/OpenOffice.org:/STABLE/openSUSE_11.1

  2. #2
    Join Date
    Aug 2008
    Location
    Seattle, WA
    Posts
    1,376

    Default Re: OpenOffice Repository

    It looks like they were making changes on the repo earlier today. Try later or tomorrow and see if your still asked to import the key.

  3. #3
    Join Date
    Jun 2008
    Location
    Lincoln, NE, USA
    Posts
    79

    Default Re: OpenOffice Repository

    Quote Originally Posted by nickelarse View Post
    I've been using the OpenOffice.org STABLE repository since I installed OpenSuse a few weeks ago. Now all of a sudden, when I open the Software Manager, it asks me to import the key, even though I imported it when I added the repository originally. All the other repostories refresh normally. Has the key changed? Or has the repository been hacked? How are we to know when it's safe to import a new key? Presumably the trusted key thing isn't meant to change ever, or it would defeat the point!

    Index of /repositories/OpenOffice.org:/STABLE/openSUSE_11.1
    I just imported the key and got a bunch of updates to open office (3.1.1). Every thing is fine.

  4. #4

    Default Re: OpenOffice Repository

    I'm tempted to just do that, but it worries me if I'm expected to just accept keys that change with no information on why. I thought the whole point was to prevent people hacking in and changing things without people finding out? Is there any information anywhere on when repositories get changed or have signatures changed? I was just thinking back to Fedora that had to change all their keys last year because somebody broke into the server rooms (or something).

  5. #5
    Join Date
    Jun 2008
    Location
    Lincoln, NE, USA
    Posts
    79

    Default Re: OpenOffice Repository

    Quote Originally Posted by nickelarse View Post
    I'm tempted to just do that, but it worries me if I'm expected to just accept keys that change with no information on why. I thought the whole point was to prevent people hacking in and changing things without people finding out? Is there any information anywhere on when repositories get changed or have signatures changed? I was just thinking back to Fedora that had to change all their keys last year because somebody broke into the server rooms (or something).
    Where you see the information about new key, it says the key is issued by open office.org. That is why I trusted and imported it.
    Of course, it is your choice, if you want to be cautious.

  6. #6

    Default Re: OpenOffice Repository

    Sounds fair enough actually. And of course, I blindly trusted it in the first place!
    Ta,
    Nick

  7. #7
    Join Date
    Sep 2009
    Location
    Czech Republic
    Posts
    7

    Default Re: OpenOffice Repository

    Well, anyone can write he issued the new key. There should be some kind of an announcement on the web containing the fingerprint, otherwise the key is not trustful.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •