Am Thu, 2 Jul 2020 15:10:01 +0000
schrieb Lubos Kocman :
we have to fix this issue! Can somebody please sign .sha256 files with
the openSUSE key?
https://forums.opensuse.org/showthread.php/540728-GPG-verification-of-the-Le...
Looks like someone already signed the files in OBS with the
opensuse@opensuse.org signing key and did not copy it over to
download.opensuse.org.
I replaced the files there now with the ones from OBS.
With the B88B2FD43DBDC284 key in my keyring, I get:
~> gpg --verify openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
gpg: Signature made Thu Jul 2 15:17:06 2020 UTC
gpg: using RSA key B88B2FD43DBDC284
gpg: Good signature from "openSUSE Project Signing Key
" [unknown] gpg: WARNING: This key is not
certified with a trusted signature! gpg: There is no
indication that the signature belongs to the owner. Primary key
fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
~> gpg --verify openSUSE-Leap-15.2-NET-x86_64.iso.sha256
gpg: Signature made Thu Jul 2 15:15:57 2020 UTC
gpg: using RSA key B88B2FD43DBDC284
gpg: Good signature from "openSUSE Project Signing Key
" [unknown] gpg: WARNING: This key is not
certified with a trusted signature! gpg: There is no
indication that the signature belongs to the owner. Primary key
fingerprint: 22C0 7BA5 3417 8CD0 2EFE 22AA B88B 2FD4 3DBD C284
...and just for the record: we have quite a few keys that we can use to
sign the iso images, so better tell us which key we should use to
resign ;-)
Regards,
Lars
--
To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org
To contact the owner, e-mail: heroes+owner@opensuse.org