On Thu, Jul 02, 2020 at 05:32:47PM +0300, Andrei Borzenkov wrote:
See https://forums.opensuse.org/showthread.php/540728-GPG-verification-of-the-Le...
Tux@TuxBox:/home/openSUSE Leap 15.2/> gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256 gpg: Signature made Tue 30 Jun 2020 09:52:45 AM MDT gpg: using RSA key 70AF9E8139DB7C82 gpg: Can't check signature: No public key
For all I can tell 70AF9E8139DB7C82 != 22C07BA534178CD02EFE22AAB88B2FD43DBDC284 which is mentioned on the download page.
It is actually signed by our internal SUSE signing key, not the openSUSE signing key. This key is in openSUSE-build-key on running Leap / Tumbleweed too. /usr/lib/rpm/gnupg/keys/gpg-pubkey-39db7c82-5847eb1f.asc Ciao, Marcus -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org