http://bugzilla.opensuse.org/show_bug.cgi?id=906589 --- Comment #22 from Michael Andres <ma@suse.com> --- (In reply to grant k from comment #21)
so, WHY is that repo getting a "New repository or package signing key" ?
Authority for trusted keys on your system is the rpm databbase, namely the gpg-pubkey (pseudo) packages. (rpm -qai gpg-pubkey)
New repository or package signing key received: Repository: MediaApps Key Name: multimedia OBS Project .... Key Fingerprint: 01FB54D4 EAF87B0F 5624266B 5F3D540F 3A802234 Key Created: Wed 21 May 2014 02:04:08 PM PDT Key Expires: Fri 29 Jul 2016 02:04:08 PM PDT Rpm Name: gpg-pubkey-3a802234-537d14c8
The fingerprints last 8 byte make the gpg-pubkey packages version. The key is known and trusted if we have gpg-pubkey-3a802234 in the rpm database. If the rpm data base does not contain gpg-pubkey-3a802234, the key is NEW and you are asked to confirm it. If you accept the key it is imported into the rpm database. After this, gpg-pubkey-3a802234 is present and you don't have to confirm it again, until it is removed from the rpm database (rpm -e gpg-pubkey-3a802234). If the server side did not change, the key was most probably not in the rpm database (or you accidentally used the sed-patched libzypp with gpg-2.0.x). A zypper.log could tell... -- You are receiving this mail because: You are on the CC list for the bug.