Hi! Today I wanted to add some community repositories as installation sources, more specifically stuff from the OpenSuse Build Service. Yast complained about an untrusted key, since the public key of the build service is not included in the distribution (not to be confused with the build key, which is included). Of course I could just press the "OK" button, or download the key from [1], import it and never be bothered again. But that key has no signatures and is transmitted via http, so I still do not know if I have the right key. Is there any way of securely retrieving the authentic public key of the build service without traveling to Nuremberg? How is the average user supposed to do that? Happy Holidays nordi [1] http://download.opensuse.org/openSUSE-Build-Service.asc --------------------------------------------------------------------- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-security+help@opensuse.org