Mailinglist Archive: opensuse (2112 mails)

["John Andersen" <jsamyth@xxxxxxxxx>]

On Fri, Aug 8, 2008 at 11:49 AM, Adam Jimerson <vendion@xxxxxxxxxxx> wrote:
> YaST2 and openSUSE-updater are complaining that the signing key used on the
> ATI repo does not match the key that I accepted when I added the repo.  The
> exact error that YaST2 is giving me is:
>
> Validation Check Failed
>
> File repomd.xml
> is signed with the following GnuPG key, but the integrity check failed:
>
> ID A794DEA1FC2D149
> Fingerprint: 7D6F 1AF2 6CD1 D227 CD54 4AAE A794 D9EA 1FC2 D149
> Name: ATI Linux Software (ATI-REPO.ZIP) <atilinuxsoftware@xxxxxxx>
> Created: 06/12/2008
> Expires: 06/12/2009
>
> This means that the file has been changed by accident or by an attacker since
> the repository creator signed it.  Using it is a big risk for the integrity
> and security of your system.
>
> Use it anyway?
> Yes/No buttons
>
> I'm going to hit No, but did the ATI repo get a new key?  I am sending this to
> the email address the signed key as hoping that someone on ATI's side will
> have an answer also.
> --
> "We must plan for freedom, and not only for security, if for no other reason
> than only freedom can make security more secure."  Karl Popper



Good question. A search on the address atilinuxsoftware@xxxxxxx
reports two keys generated in June of 2006 and June 2007, so maybe
they have a practice of changing keys yearly.

Never the less, the key you posted does not verify for me either
regardless of which of the several key servers I used.


-- 
----------JSA---------
There are 10 kinds of people in this world, those that can read binary
and those that can't.
-- 
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx