Bug ID | 1224292 |
---|---|
Summary | SUMA has a problem with an old key next to a new one in 15.6 |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.6 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | Security |
Assignee | security-team@suse.de |
Reporter | lubos.kocman@suse.com |
QA Contact | qa-bugs@suse.de |
Target Milestone | --- |
Found By | --- |
Blocker | --- |
From Michael Calmer there is a problem with the 15.6 repo metadata: repomd.xml is signed, but not with the "repomd.xml.key" $> gpg --keyid-format=long --show-keys --with-fingerprint repomd.xml.key pub rsa2048/B88B2FD43DBDC284 2008-11-07 [SC] [expired: 2024-05-02] Key fingerprint = 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284 uid openSUSE Project Signing Key <opensuse@opensuse.org> $> gpg --verify repomd.xml.asc gpg: assuming signed data in 'repomd.xml' gpg: Signature made Sat 11 May 2024 02:01:32 AM CEST gpg: using RSA key 35A2F86E29B700A4 I think we switched the key, but we still put the old key next to it? Who can fix this? It break testing SUSE Manager and Uyuni