software-o-o icon indicating copy to clipboard operation
software-o-o copied to clipboard

Published 20 hours ago verified publisher icon openSUSE

Display GPG key of repository

Open msmeissn opened this issue 7 years ago • 2 comments

Can we somehow display the GPG key of repositories for users?

So they can easily verify they are getting the correct repository and not some man.-in-the-middle attacked one?

This would be in /repodata/repomd.xml.key

Should display of both the full ascii armored and also the fingerprints as shown by the YAST import dialog. @adrianschroeter

msmeissn avatar Dec 19 '16 15:12 msmeissn

That wouldn't help against a man-in-the-middle attacked software.opensuse.org...

mlschroe avatar Dec 19 '16 15:12 mlschroe

it is currently already https enabled.

msmeissn avatar Dec 19 '16 15:12 msmeissn