Home_greyopenFATE - openSUSE feature tracking > #304911
Dashboard | Search | Sign up | Login

Please login or register to be able to edit or vote this feature.

Import all GPG keys at once before downloading the metadata from new repositories

Feature state

openSUSE-11.1
Rejected Information
openSUSE-11.2
Rejected Information
openSUSE-11.3
Evaluation By Projectmanager

Description

If e.g. 10 different repositories are added yast asks to import the GPG key for each repository so the user cannot leave the computer while the metadata are downloaded.

References

https://bugzilla.novell.com/show_bug.cgi?id=399253

Discussion


icons/user_comment.png D. M. wrote: (9 years ago)

It is not a good idea to add gpg keys for all repos all over the world.
What do you want to do with new repos on BuildService? They can be created after release of new Suse version.
All repos signed with SuSE Package Signing Key are guaranteed. When you add other repos you should confirm you trust them.

But special option for 'zypper ar'. Something like '--trust-key' will solve you problem.

icons/user_comment.png S. K. wrote: (9 years ago)

you haven't see the community repos list yet?

icons/user_comment.png S. K. wrote: (9 years ago)

looking for community volunteers

icons/user_comment.png S. M. wrote: (9 years ago)

Would it be possible to do a quick check to see which repositories do not have the keys already downloaded and do the dialog box for all of them before starting the metadata download?

That avoids the issue of just accepting the keys blindly and the issue of having the download process stop and wait for user input when a missing key is found.

icons/user_comment.png T. J. wrote: (8 years ago)

You have to go out of your way to add the repo in the first place.

Can someone please explain a scenario where you would go out of your way to add the repo, and then reject the GPG key?

icons/user_comment.png S. K. wrote: (8 years ago)

community repositories lets you add several repos at once

icons/user_comment.png T. R. wrote: (8 years ago)

But isn't that a list of repositories trusted by openSUSE?

icons/user_comment.png M. M. wrote: (8 years ago)

Not by the distribution itself, no.

Some of the repositories are built with less security and less quality than the distribution itself.

There shouyld perhaps be a two step process in the end .. seperate "known keys" ... "unknown keys" and "trusted keys" :/

icons/user_comment.png R. D. wrote: (8 years ago)

Can't the Distro include keys for repo's like Packman &  libdvdcss which high proportion of user will add.  It's certifying the identity of the repo for better security not installing (or inducing install of) any potentially illegal software.

The highish quality repos ought to be recognised, as training user to blindly accept certificates is counter-productive from security pov.

icons/user_comment.png M. S. wrote: (7 years ago)

I have voted against #304911 as described.

But a feature like described by R. D. might be desireable.

icons/user_comment.png S. M. wrote: (7 years ago)

I think some of the discussion is missing the point of the original request which is to do the key verification early in the process (not to skip it) so that a user can answer all the required key confirmations early in the process and then leave the computer to work on other things.

This is a change from what we have now where you must keep checking back to see if there is a pending request for user input blocking completion.

Last change: 5 years ago
Voting
Score: 41
  • Negative: 3
  • Neutral: 2
  • Positive: 44
Feature Export
Application-xmlXML   Text-x-logPlaintext   PrinterPrint