Subject: | |
From: | |
Reply To: | |
Date: | Tue, 8 Sep 2020 13:42:57 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Hello,
I believe you should report this to the OSG folks:
https://support.opensciencegrid.org/helpdesk/tickets/new
Pat
On Sun, 2020-09-06 at 13:28 +0000, Charles Elsaesser wrote:
> Ss written on page
> https://opensciencegrid.org/docs/release/supported_platforms/
> package
> /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-
> 9.osg34.el7.noarch.rpm
> downloaded using
> yum install osg-release on SL-8
> is not signed by OSG
>
> So when installing osg-release on SL-8 , following sequence is
> printed
>
> Mise à jour :
> osg-release
> noarch 3.4-
> 9.osg34.el7 osg
> 12 k
>
> Résumé de la transaction
> =====================================================================
> =====================================================================
> ============
> Mettre à jour 1 Paquet
>
> Taille totale : 12 k
> Is this ok [y/d/N]: y
> Downloading packages:
> attention : /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-
> 9.osg34.el7.noarch.rpm: Entête V4 DSA/SHA1 Signature, clé ID
> 824b8603: NOKEY
> Récupération de la clé à partir de file:///etc/pki/rpm-gpg/RPM-GPG-
> KEY-OSG
> Importation de la clef GPG 0x824B8603 :
> ID utilisateur : « OSG Software Team (RPM Signing Key for Koji
> Packages) <[log in to unmask]> »
> Empreinte : 6459 d9d2 aaa9 ab67 a251 fb44 2110 b1c8 824b 8603
> Paquet : osg-release-3.4-8.el7.noarch (@repos)
> Provient de : /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG
> Est-ce correct [o/N] :
>
>
> Fingerprint is different from key announced on
> https://opensciencegrid.org/docs/release/signing/
>
> The OSG Packaging Signing Key¶
>
> Location /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG
> Download UW-Madison, GitHub
> Fingerprint 6459 !D9D2 AAA9 AB67 A251 FB44 2110 !B1C8 824B 8603
> Key ID 824b8603
>
> Do the upper or lower cases on GPG-fingerprints have no importance ?
>
> Practically can the downloaded package
> /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-
> 9.osg34.el7.noarch.rpm
> be trusted?
>
> Thank you for you advices
>
> Charles
|
|
|