[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] APT & RPM signatures

On Thursday 02 March 2006 11:57, Michel Messerschmidt wrote:
> >>>> Suffice to say that I have 2 sig keys missing, IDs 8750d2c4 and
> >>>> 2e80fbc2.  I can't find rpmkey rpms for them.  I have found the keys
> >>>> and downloaded them. They load into Kgpg on the SuSE box without
> >>>> complaint.  RPM ignores them after import - key IDs not listed in 'rpm
> >>>> -qa gpg-pubkey*'.
> RPM can't deal with all types of signatures on a key.
> At the moment I'm not quite sure which type causes the
> problem, but I think it were "v2" signatures.
> You must remove all rpm-incompatible signatures from a key
> before the rpm import will be successful.

I think this means that some of the rpms fetched by apt4suse have signatures 
which can't be checked ... and they're signed by the "suse.de" team!

Is there any way round this without turning off signature checking?


Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here