[opensuse] New key for the ATI Repo?
YaST2 and openSUSE-updater are complaining that the signing key used on the
ATI repo does not match the key that I accepted when I added the repo. The
exact error that YaST2 is giving me is:
Validation Check Failed
File repomd.xml
is signed with the following GnuPG key, but the integrity check failed:
ID A794DEA1FC2D149
Fingerprint: 7D6F 1AF2 6CD1 D227 CD54 4AAE A794 D9EA 1FC2 D149
Name: ATI Linux Software (ATI-REPO.ZIP)
On Fri, Aug 8, 2008 at 11:49 AM, Adam Jimerson
YaST2 and openSUSE-updater are complaining that the signing key used on the ATI repo does not match the key that I accepted when I added the repo. The exact error that YaST2 is giving me is:
Validation Check Failed
File repomd.xml is signed with the following GnuPG key, but the integrity check failed:
ID A794DEA1FC2D149 Fingerprint: 7D6F 1AF2 6CD1 D227 CD54 4AAE A794 D9EA 1FC2 D149 Name: ATI Linux Software (ATI-REPO.ZIP)
Created: 06/12/2008 Expires: 06/12/2009 This means that the file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity and security of your system.
Use it anyway? Yes/No buttons
I'm going to hit No, but did the ATI repo get a new key? I am sending this to the email address the signed key as hoping that someone on ATI's side will have an answer also. -- "We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure." Karl Popper
Good question. A search on the address atilinuxsoftware@ati.com reports two keys generated in June of 2006 and June 2007, so maybe they have a practice of changing keys yearly. Never the less, the key you posted does not verify for me either regardless of which of the several key servers I used. -- ----------JSA--------- There are 10 kinds of people in this world, those that can read binary and those that can't. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, Aug 8, 2008 at 12:23 PM, John Andersen
On Fri, Aug 8, 2008 at 11:49 AM, Adam Jimerson
wrote: YaST2 and openSUSE-updater are complaining that the signing key used on the ATI repo does not match the key that I accepted when I added the repo. The exact error that YaST2 is giving me is:
Validation Check Failed
File repomd.xml is signed with the following GnuPG key, but the integrity check failed:
ID A794DEA1FC2D149 Fingerprint: 7D6F 1AF2 6CD1 D227 CD54 4AAE A794 D9EA 1FC2 D149 Name: ATI Linux Software (ATI-REPO.ZIP)
Created: 06/12/2008 Expires: 06/12/2009 This means that the file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity and security of your system.
Use it anyway? Yes/No buttons
I'm going to hit No, but did the ATI repo get a new key? I am sending this to the email address the signed key as hoping that someone on ATI's side will have an answer also. -- "We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure." Karl Popper
Good question. A search on the address atilinuxsoftware@ati.com reports two keys generated in June of 2006 and June 2007, so maybe they have a practice of changing keys yearly.
Never the less, the key you posted does not verify for me either regardless of which of the several key servers I used.
I've just determined that all of the published keys for atilinuxsoftware@ati.com have a one year expiration date. So it seems that this change was planned, but someone forgot to publish the new key to any key servers. -- ----------JSA--------- There are 10 kinds of people in this world, those that can read binary and those that can't. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Friday 08 August 2008 3:32:09 pm John Andersen wrote:
On Fri, Aug 8, 2008 at 12:23 PM, John Andersen
wrote: On Fri, Aug 8, 2008 at 11:49 AM, Adam Jimerson
wrote: YaST2 and openSUSE-updater are complaining that the signing key used on the ATI repo does not match the key that I accepted when I added the repo. The exact error that YaST2 is giving me is:
Validation Check Failed
File repomd.xml is signed with the following GnuPG key, but the integrity check failed:
ID A794DEA1FC2D149 Fingerprint: 7D6F 1AF2 6CD1 D227 CD54 4AAE A794 D9EA 1FC2 D149 Name: ATI Linux Software (ATI-REPO.ZIP)
Created: 06/12/2008 Expires: 06/12/2009 This means that the file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity and security of your system.
Use it anyway? Yes/No buttons
I'm going to hit No, but did the ATI repo get a new key? I am sending this to the email address the signed key as hoping that someone on ATI's side will have an answer also. -- "We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure." Karl Popper
Good question. A search on the address atilinuxsoftware@ati.com reports two keys generated in June of 2006 and June 2007, so maybe they have a practice of changing keys yearly.
Never the less, the key you posted does not verify for me either regardless of which of the several key servers I used.
I've just determined that all of the published keys for atilinuxsoftware@ati.com have a one year expiration date.
So it seems that this change was planned, but someone forgot to publish the new key to any key servers.
But the above key was created this year, so if they make a new one yearly why make a new one so soon? They shouldn't have to make a new one until 2009-2010, unless something happened to the above key right? -- "We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure." Karl Popper
On Fri, Aug 8, 2008 at 5:06 PM, Adam Jimerson
On Friday 08 August 2008 3:32:09 pm John Andersen wrote:
On Fri, Aug 8, 2008 at 12:23 PM, John Andersen
wrote: On Fri, Aug 8, 2008 at 11:49 AM, Adam Jimerson
wrote: YaST2 and openSUSE-updater are complaining that the signing key used on the ATI repo does not match the key that I accepted when I added the repo. The exact error that YaST2 is giving me is:
Validation Check Failed
File repomd.xml is signed with the following GnuPG key, but the integrity check failed:
ID A794DEA1FC2D149 Fingerprint: 7D6F 1AF2 6CD1 D227 CD54 4AAE A794 D9EA 1FC2 D149 Name: ATI Linux Software (ATI-REPO.ZIP)
Created: 06/12/2008 Expires: 06/12/2009 This means that the file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity and security of your system.
Use it anyway? Yes/No buttons
I'm going to hit No, but did the ATI repo get a new key? I am sending this to the email address the signed key as hoping that someone on ATI's side will have an answer also. -- "We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure." Karl Popper
Good question. A search on the address atilinuxsoftware@ati.com reports two keys generated in June of 2006 and June 2007, so maybe they have a practice of changing keys yearly.
Never the less, the key you posted does not verify for me either regardless of which of the several key servers I used.
I've just determined that all of the published keys for atilinuxsoftware@ati.com have a one year expiration date.
So it seems that this change was planned, but someone forgot to publish the new key to any key servers.
But the above key was created this year, so if they make a new one yearly why make a new one so soon? They shouldn't have to make a new one until 2009-2010, unless something happened to the above key right?
The most recent key on the key servers expired 6/1/2008. Fire up KGpg and check it yourself with the key server dialog. They simply failed to publish the new key it appears. -- ----------JSA--------- There are 10 kinds of people in this world, those that can read binary and those that can't. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Fri, Aug 8, 2008 at 2:49 PM, Adam Jimerson
YaST2 and openSUSE-updater are complaining that the signing key used on the ATI repo does not match the key that I accepted when I added the repo. The exact error that YaST2 is giving me is:
Validation Check Failed
File repomd.xml is signed with the following GnuPG key, but the integrity check failed:
ID A794DEA1FC2D149 Fingerprint: 7D6F 1AF2 6CD1 D227 CD54 4AAE A794 D9EA 1FC2 D149 Name: ATI Linux Software (ATI-REPO.ZIP)
Created: 06/12/2008 Expires: 06/12/2009 This means that the file has been changed by accident or by an attacker since the repository creator signed it. Using it is a big risk for the integrity and security of your system.
Use it anyway? Yes/No buttons
I'm going to hit No, but did the ATI repo get a new key? I am sending this to the email address the signed key as hoping that someone on ATI's side will have an answer also. -- "We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure." Karl Popper
Does ATI even provide RPM updates? I checked a few days ago and the RPM version is rather old compared to the one you can download and compile yourself. -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org For additional commands, e-mail: opensuse+help@opensuse.org
On Saturday 09 August 2008 7:02:36 pm you wrote:
Does ATI even provide RPM updates? I checked a few days ago and the RPM version is rather old compared to the one you can download and compile yourself.
They use to, I don't know if they stopped doing that or they are just slow at maintaining their repo. I don't really have a problem the the older driver that I have installed, I just accidentally left the repo enabled and because of this key issue zypper and YaST were complaining about it. -- "We must plan for freedom, and not only for security, if for no other reason than only freedom can make security more secure." Karl Popper
participants (3)
-
Adam Jimerson
-
Andrew Joakimsen
-
John Andersen