Bugzilla – Bug 1219790
The build keys for OpenSUSE Slowroll are not all listed at en.opensuse.org/openSUSE:Signing_Keys
Last modified: 2024-02-10 14:06:41 UTC
The build keys for OpenSUSE Slowroll are not all listed at en.opensuse.org/openSUSE:Signing_Keys with for example the "openSUSE OBS Project" key missing. It seems to be basically impossible to install slowroll in an acceptably safe manner due to this, since zypper wants all these keys manually checked on repo switch. So this seems to be quite a showstopper unless I missed something.
It uses the openSUSE keys.
My apologies, but I'm not sure what exactly you're saying with that. My point is that the "openSUSE OBS Project" found in one of the slowroll repos is not listed on that wiki page and all repo keys should be. Sorry if I wrote that unclearly. Also, if you meant to imply that anyone already on openSUSE would already have that key, that clearly isn't the case since switching over from Leap I was prompted for them. Therefore, I suggest the ticket should be reopened and all the keys listed on the wiki so people can always find and check them, since that seems to be the point of the wiki page.
I checked again, at least one missing key is the one of the update repo: https://ftp.gwdg.de/pub/opensuse/update/slowroll/repo/oss/repodata/repomd.xml.key Fingerprint: 7E8B 87D3 15BF 9661 8A3B 297B F9A8 B79B EAE4 FD92 Key ID: openSUSE OBS Project <openSUSE@build.opensuse.org> If you check for "7E8B" you'll notice it doesn't appear on https://en.opensuse.org/openSUSE:Signing_Keys and the key's fingerprint is not listed. My apologies if it is after all and I missed something, but I'm pretty sure it's not! It would probably help people if it was.