On Mon, Sep 21, 2009 at 04:58:51PM +0200, Michael Ströder wrote:
Peter Poeml wrote:
On Wed, Apr 01, 2009 at 06:43:16PM +0200, Michael Ströder wrote: [...]
Hmm, I had tried it several times from different systems. Now it worked probably from another mirror. IMO zypper should display from which mirror server the repo file was obtained if signature verification failed.
Yes, it should. That's why I requested this feature: https://features.opensuse.org/305320
Following up to a really old thread from April 2009.
Now(!) it happens again.
Signature verification failed for file 'repomd.xml' from repository 'openSUSE-11.1-Update'. Warning: This might be caused by a malicious change in the file! Continuing might be risky. Continue anyway? [yes/NO]:
It seems to be the server pontifex.opensuse.org (195.135.221.130)
Any clue what happened?
When we approve 2 updates in a row and the mirror is synching the metadata might come out of sync briefly. Just wait a bit and it should go away again. Ciao, Marcus -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org