Bug 365914

Summary: supply link that allows the user to check the validitiy of a repo-key
Product: [openSUSE] openSUSE.org Reporter: Forgotten User --EoyBps8f <forgotten_--EoyBps8f>
Component: BuildServiceAssignee: E-mail List <bnc-team-screening>
Status: RESOLVED WONTFIX QA Contact: Adrian Schröter <adrian.schroeter>
Severity: Enhancement    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Forgotten User --EoyBps8f 2008-02-29 08:41:49 UTC 
If a user imports a repo, e.g. from the build-service, one gets prompted to check the signature of that repo and whether to trust it. Yet there is no easy way supplied to actually do so, e.g. a link to a site on opensuse.org which lists the signatures.

As a result users get used to just click "import certificate" which IMO is a bad thing.
Comment 1 Marcus Meissner 2008-03-01 22:25:25 UTC 
for our buildservice guys.
Comment 2 Adrian Schröter 2008-03-03 08:31:50 UTC 
That is right, we need the trust system for that. We may work on that soon ...
Comment 3 Bugzilla Account Maintenance 2008-09-02 18:07:50 UTC 
Because the LATER and REMIND resolutions have been removed, the resolution of this bug has changed from LATER to WONTFIX. If this bug needs to be reconsidered, reopen it and set a future "Target Milestone for Fix."