On 2015-08-03 16:46, shadders wrote:
> Hi All,
> Apologies for not using the code font.
You still do not understand. It is not a FONT change. It is a CODE TAGS
BLOCK, accessed by pressing the #] button in the editor.
The purpose is not to change the size of letters, but to tell the forum
software not to change the text inside, so that we see it intact, unaltered.
> What seems to be occurring is that Yast requests i accept the GnuPG key
> for :
> 4 | libdvdcss repository | libdvdcss repository | Yes | ( p) Yes | Yes | 99 | rpm-md | http://opensuse-guide.org/repo/13.2/
> This has worked before - so someone has changed the GnuPG.
Well, yes, it happens now and then, yes.
> Accessing the link i obtain forbidden access error 403.
But notice that some repositories forbid browsing, yet they work with
yast, because yast doesn’t “browse”.
> So - in the interest of security - should we as a community be
> publishing the keys for the repositories ?
No. Not “we”, but “them”. The people that create and maintain any repo
should publish somewhere their keys. And the openSUSE project should
have a link or page for that, yes.
However, the above page does not belong to the openSUSE project.
For instance, packman does:
However, how do you know that the page was not hijacked? You’d say: use
https instead. Yes, you may… but in this case, the certificate is
private (thus untrusted), and the link is dead, anyway.
> Unless this is done, we could be accepting bad repositories and hence
> trojan’s or other installed on people PC.
Cheers / Saludos,
Carlos E. R.
(from 13.1 x86_64 “Bottle” (Minas Tirith))