Mailinglist Archive: opensuse-factory (435 mails)

< Previous Next >
Re: [opensuse-factory] Leap 15.2 SHA256 signing key?
On Thu, Jul 02, 2020 at 05:32:47PM +0300, Andrei Borzenkov wrote:
See
https://forums.opensuse.org/showthread.php/540728-GPG-verification-of-the-Leap-15-2-SHA256-file-fails

Tux@TuxBox:/home/openSUSE Leap 15.2/> gpg --verify
openSUSE-Leap-15.2-DVD-x86_64.iso.sha256
gpg: Signature made Tue 30 Jun 2020 09:52:45 AM MDT
gpg: using RSA key 70AF9E8139DB7C82
gpg: Can't check signature: No public key

For all I can tell 70AF9E8139DB7C82 !=
22C07BA534178CD02EFE22AAB88B2FD43DBDC284 which is mentioned on the
download page.

It is actually signed by our internal SUSE signing key, not the openSUSE
signing key.

This key is in openSUSE-build-key on running Leap / Tumbleweed too.

/usr/lib/rpm/gnupg/keys/gpg-pubkey-39db7c82-5847eb1f.asc

Ciao, Marcus
--
To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >
References