Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add option to import untrusted repo signing key #180

Open
digitaltom opened this issue Aug 9, 2023 · 1 comment
Open

Add option to import untrusted repo signing key #180

digitaltom opened this issue Aug 9, 2023 · 1 comment
Labels
help wanted Extra attention is needed

Comments

@digitaltom
Copy link
Member

Similar to the feature #114 which allows to interactively accept a new repository EULA, it would be useful to be able to interactively (or via cms switch, config) import untrusted repo signing keys.

This for example affects the IBM extensions on SLE12, and the nvidia repos on SLE15, which are signed with a non SUSE signing key.

@hramrach
Copy link

There is still the question of how to verify the key, and how it is done when the repository is added in the installer where this problem does not exist.

For security reasons the key should not be untrusted but rather imported from a known key database.

@felixsch felixsch added the help wanted Extra attention is needed label Jun 19, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
help wanted Extra attention is needed
Projects
None yet
Development

No branches or pull requests

3 participants