Hi, a general question: When "zypper ref" tells me e.g. New repository or package signing key received: Repository: isv:ownCloud:desktop Key Name: isv:ownCloud OBS Project <isv:ownCloud@build.opensuse.org> Key Fingerprint: 1B07204C D71B690D 409F57D2 4ABE1AC7 557BEFF9 Key Created: So 25 Sep 2016 23:09:22 CEST Key Expires: Di 04 Dez 2018 22:09:22 CET Rpm Name: gpg-pubkey-557beff9-57e83d02 what is the correct and most reliable/secure way to check if I can trust this key ? I thought ok, let's check the OBS Webpages of this repo ... https://build.opensuse.org/project/show/isv:ownCloud:desktop but I found no hint about signing keys. -- Best regards/Schöne Grüße Martin A: Because it breaks the logical sequence of discussion Q: Why is top posting bad? () ascii ribbon campaign - against html e-mail /\ - against proprietary attachments Geschenkideen, Accessoires, Seifen, Kulinarisches: www.lillehus.at -- To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-buildservice+owner@opensuse.org