On Wed, 28 Apr 2021 23:05:42 +0200 cagsm wrote:
apparently, the missing key on the whole internet (only checked pgp.mit.edu and some open keyservers though)
is
0x9c214d4065176565
for example the welcome open suse ahoy fun application is signed by it. what gives? who provides that key and from where? why isnt it included during the dup? why isnt it included anywhere?
p.s. searchengine finds something here though: https://build.opensuse.org/project/keys_and_certificates/openSUSE:Backports:...
is this fixworthy? There exists a bug for it: https://bugzilla.opensuse.org/show_bug.cgi?id=1184326
In the bug is also documented where the missing keys can be found for manual import as workaround. And how to configure zypper or the repo settings so that unverified RPMs are not installed. Regards, Dieter