Bug ID 1224292
Summary SUMA has a problem with an old key next to a new one in 15.6
Classification openSUSE
Product openSUSE Distribution
Version Leap 15.6
Hardware Other
OS Other
Status NEW
Severity Normal
Priority P5 - None
Component Security
Assignee security-team@suse.de
Reporter lubos.kocman@suse.com
QA Contact qa-bugs@suse.de
Target Milestone ---
Found By ---
Blocker --- 

From Michael Calmer


there is a problem with the 15.6 repo metadata:
repomd.xml is signed, but not with the "repomd.xml.key"
$> gpg --keyid-format=long --show-keys --with-fingerprint repomd.xml.key
pub   rsa2048/B88B2FD43DBDC284 2008-11-07 [SC] [expired: 2024-05-02]
      Key fingerprint = 22C0 7BA5 3417 8CD0 2EFE  22AA B88B 2FD4 3DBD C284
uid                            openSUSE Project Signing Key
<opensuse@opensuse.org>
$> gpg --verify repomd.xml.asc 
gpg: assuming signed data in 'repomd.xml'
gpg: Signature made Sat 11 May 2024 02:01:32 AM CEST
gpg:                using RSA key 35A2F86E29B700A4

I think we switched the key, but we still put the old key next to it?
Who can fix this? It break testing SUSE Manager and Uyuni

You are receiving this mail because: