Latest update - 2018.05.26 - missing key on CentOS
christoph.erhardt at sicherha.de
Fri Jun 15 08:30:34 CEST 2018
I think you may be mistaking me for a staff member of Kolab Systems; I'm just
a regular member of the project's open-source community like you are. ;-)
I agree with what you wrote, but I cannot do anything about it (other than
help out in the areas where my progress is not dependent on somebody at Kolab
Systems flicking a switch).
Regarding the workaround for the signing-key issue: fortunately, it's not as
problematic as you think. If you change the repository link to https://, your
package manager validates the server's host certificate and downloads all
packages over an encrypted connection - which should provide roughly the same
level of integrity guarantees. Still, I agree that this issue should be fixed
rather today than tomorrow.
On Thursday, 14 June 2018 13:46:28 CEST Enrico Tagliavini wrote:
> Hello Christoph,
> if I may throw in a suggestion, without sounding like a troll or
> an hater, but rather trying to be constructive: maybe this is a good
> time to review the internal priorities. I understand there is one
> person only maintaining the infrastructure and I fully understand he
> can be busy. Blocking updates of all users for multiple weeks should
> be a very high priority task, I know there is a workaround but it
> involved disabling the only check guaranteeing the source of the
> package. Possibly this person needs some help if he cannot flush his
> queue enough to reach the point where he can take care of this task.
> Again: this is just not to flame or troll, I support Kolab, and I
> appreciate the work from everybody working on it and I want it to be
> as successful as possible, that's also why I want such issue not to
> happen or to be addressed timely.
> Thank you.
> Kind regards.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 833 bytes
Desc: This is a digitally signed message part.
More information about the users