On Friday, March 14, 2014 07:19:09 Marcus Meissner wrote:
On Fri, Mar 14, 2014 at 02:00:34AM +0200, Uwe Geuder wrote:
Hi!
Today packages signed with key ID b3fd7e48 have appeared in openSUSE repo-update. I get warnings that this is an unknown key. Can somebody advice how to verify that it is a legitimate key?
More details at https://forums.opensuse.org/showthread.php/496213-zypper-up-found-no-key-b ut-still-installed-packages Thanks for the report...
This key is the build key for the openSUSE:Maintenance staging area.
It should not have been used for the released update itself (the RPMs are resigned before release).
Ciao, Marcus
Good, I thought I was going crazy over here:) But, this raises another point: How is it possible for apper to install packages without key/wrong key? The packages are served over plain http, above shouldn't be acceptable? Or am I misunderstanding something here, I'd appreciate clarification if possible. Kind regards, Jason -- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org