Comment # 8
on bug 1224292
from Max Lin
$ cat ../media.1/media
openSUSE - openSUSE-Leap-15.6-x86_64-aarch64-ppc64le-s390x-Build696.2-Media
openSUSE-Leap-15.6-x86_64-aarch64-ppc64le-s390x-Build696.2
1
$ gpg --keyid-format=long --show-keys --with-fingerprint repomd.xml.key
pub rsa2048/B88B2FD43DBDC284 2008-11-07 [SC] [expired: 2024-05-02]
Key fingerprint = 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
uid openSUSE Project Signing Key
<opensuse@opensuse.org>
$ gpg --verify repomd.xml.asc
gpg: assuming signed data in 'repomd.xml'
gpg: Signature made Thu 16 May 2024 02:26:21 PM CST
gpg: using RSA key 35A2F86E29B700A4
gpg: Can't check signature: No public key
this is what I get from Build696.2's asset repo on openqa, it has an old key
still looks likely...