Mailinglist Archive: opensuse-buildservice (96 mails)

< Previous Next >
Re: [opensuse-buildservice] How to verify new signing keys ?
On Sat, Oct 01, 2016 at 10:04:27PM +0200, Martin Koller wrote:

a general question:
When "zypper ref" tells me e.g.

New repository or package signing key received:

Repository: isv:ownCloud:desktop
Key Name: isv:ownCloud OBS Project <isv:ownCloud@xxxxxxxxxxxxxxxxxx>
Key Fingerprint: 1B07204C D71B690D 409F57D2 4ABE1AC7 557BEFF9
Key Created: So 25 Sep 2016 23:09:22 CEST
Key Expires: Di 04 Dez 2018 22:09:22 CET
Rpm Name: gpg-pubkey-557beff9-57e83d02

what is the correct and most reliable/secure way to check if I can trust this
key ?

I thought ok, let's check the OBS Webpages of this repo ...
but I found no hint about signing keys.

You can use

osc signkey isv:ownCloud:desktop

Which will retrieve it from over HTTPS.

Ciao, Marcus
To unsubscribe, e-mail: opensuse-buildservice+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-buildservice+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation