Ss written on pagehttps://opensciencegrid.org/docs/release/supported_platforms/package/var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-9.osg34.el7.noarch.rpmdownloaded usingyum install osg-release on SL-8is not signed by OSG So when installing osg-release on SL-8 , following sequence is printed Mise à jour : osg-release noarch 3.4-9.osg34.el7 osg 12 k
Résumé de la transaction ====================================================================================================================================================== Mettre à jour 1 Paquet Taille totale : 12 k Is this ok [y/d/N]: y Downloading packages: attention : /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-9.osg34.el7.noarch.rpm: Entête V4 DSA/SHA1 Signature, clé ID 824b8603: NOKEY Récupération de la clé à partir de file:///etc/pki/rpm-gpg/RPM-GPG-KEY-OSG Importation de la clef GPG 0x824B8603 : ID utilisateur : « OSG Software Team (RPM Signing Key for Koji Packages) <[email protected]> » Empreinte : 6459 d9d2 aaa9 ab67 a251 fb44 2110 b1c8 824b 8603 Paquet : osg-release-3.4-8.el7.noarch (@repos) Provient de : /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG Est-ce correct [o/N] : Fingerprint is different from key announced on https://urldefense.proofpoint.com/v2/url?u=https-3A__opensciencegrid.org_docs_release_signing_&d=DwIFaQ&c=gRgGjJ3BkIsb5y6s49QqsA&r=gd8BzeSQcySVxr0gDWSEbN-P-pgDXkdyCtaMqdCgPPdW1cyL5RIpaIYrCn8C5x2A&m=-PqEOq2pemxHbw0BM2V3EcqpxddszlZKhXscir4bpZo&s=zcmN380OkUPFo0p9vk6LGuDXWfgulbmlGPpw-was1Zk&e= The OSG Packaging Signing Key¶ Location /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG Download UW-Madison, GitHub Fingerprint 6459 !D9D2 AAA9 AB67 A251 FB44 2110 !B1C8 824B 8603 Key ID 824b8603 Do the upper or lower cases on GPG-fingerprints have no importance ? Practically can the downloaded package/var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-9.osg34.el7.noarch.rpm be trusted? Thank you for you advices Charles
