Hello,

I believe you should report this to the OSG folks: 
https://support.opensciencegrid.org/helpdesk/tickets/new

Pat

On Sun, 2020-09-06 at 13:28 +0000, Charles Elsaesser wrote:
> Ss written on page
> https://opensciencegrid.org/docs/release/supported_platforms/
> package
> /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-
> 9.osg34.el7.noarch.rpm
> downloaded using
> yum install osg-release on SL-8
> is not signed by OSG
> 
> So when installing osg-release on SL-8 , following sequence is
> printed
> 
> Mise à jour :
>  osg-release                          
> noarch                           3.4-
> 9.osg34.el7                           osg                           
> 12 k
> 
> Résumé de la transaction
> =====================================================================
> =====================================================================
> ============
> Mettre à jour  1 Paquet
> 
> Taille totale  : 12 k
> Is this ok [y/d/N]: y
> Downloading packages:
> attention : /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-
> 9.osg34.el7.noarch.rpm: Entête V4 DSA/SHA1 Signature, clé ID
> 824b8603: NOKEY
> Récupération de la clé à partir de file:///etc/pki/rpm-gpg/RPM-GPG-
> KEY-OSG
> Importation de la clef GPG 0x824B8603 :
> ID utilisateur : « OSG Software Team (RPM Signing Key for Koji
> Packages) <[email protected]> »
> Empreinte      : 6459 d9d2 aaa9 ab67 a251 fb44 2110 b1c8 824b 8603
> Paquet         : osg-release-3.4-8.el7.noarch (@repos)
> Provient de    : /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG
> Est-ce correct [o/N] : 
> 
> 
> Fingerprint is different from key announced on
> https://opensciencegrid.org/docs/release/signing/
> 
> The OSG Packaging Signing Key¶
>  
> Location     /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG
> Download     UW-Madison, GitHub
> Fingerprint     6459 !D9D2 AAA9 AB67 A251 FB44 2110 !B1C8 824B 8603
> Key ID     824b8603
> 
> Do the upper or lower cases on GPG-fingerprints have no importance ?
> 
> Practically can the downloaded package
> /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4-
> 9.osg34.el7.noarch.rpm
> be trusted?
> 
> Thank you for you advices
> 
> Charles

Reply via email to