Bug ID | 1223095 |
---|---|
Summary | Repository "Validation Check Failed" |
Classification | openSUSE |
Product | openSUSE Distribution |
Version | Leap 15.5 |
Hardware | Other |
OS | Other |
Status | NEW |
Severity | Normal |
Priority | P5 - None |
Component | YaST2 |
Assignee | yast2-maintainers@suse.de |
Reporter | garian.nobinger@gmail.com |
QA Contact | jsrain@suse.com |
Target Milestone | --- |
Found By | --- |
Blocker | --- |
Going from Yast2 to Software Manager, in the last couple months I've started getting a popup saying: Validation Check Failed (in bold) File repomd.xml from repository update-sle (15.5) http://cdn.opensuse.org/update/leap/15.5/sle is signed with the following GnuPG key, but the integrity check failed: ID: 70AF9E8139DB7C82 Fingerprint: FEAB 5025 39D8 46DB 2C09 61CA 70AF 9E81 39DB 7C82 Name: SuSE Package Signing Key <build@suse.de> Created: 09/21/2020 Expires: 09/20/2024 The file has been changed, either by accident or by an attacker, since the repository creator signed it. Using it is a big risk for the integrity and security of your system. Use it anyway? Y/N Ive gone to https://en.opensuse.org/openSUSE:Signing_Keys and looked for a matching key, but don't see one. So I hesitate to blindly trust it. What's the deal with repo signatures suddenly breaking? I've ignored this for a few months thinking it was probably a temporary mistake that would get resolved, but so far hasn't gone away.