Hello, I believe you should report this to the OSG folks: https://support.opensciencegrid.org/helpdesk/tickets/new
Pat On Sun, 2020-09-06 at 13:28 +0000, Charles Elsaesser wrote: > Ss written on page > https://opensciencegrid.org/docs/release/supported_platforms/ > package > /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4- > 9.osg34.el7.noarch.rpm > downloaded using > yum install osg-release on SL-8 > is not signed by OSG > > So when installing osg-release on SL-8 , following sequence is > printed > > Mise à jour : > osg-release > noarch 3.4- > 9.osg34.el7 osg > 12 k > > Résumé de la transaction > ===================================================================== > ===================================================================== > ============ > Mettre à jour 1 Paquet > > Taille totale : 12 k > Is this ok [y/d/N]: y > Downloading packages: > attention : /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4- > 9.osg34.el7.noarch.rpm: Entête V4 DSA/SHA1 Signature, clé ID > 824b8603: NOKEY > Récupération de la clé à partir de file:///etc/pki/rpm-gpg/RPM-GPG- > KEY-OSG > Importation de la clef GPG 0x824B8603 : > ID utilisateur : « OSG Software Team (RPM Signing Key for Koji > Packages) <[email protected]> » > Empreinte : 6459 d9d2 aaa9 ab67 a251 fb44 2110 b1c8 824b 8603 > Paquet : osg-release-3.4-8.el7.noarch (@repos) > Provient de : /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG > Est-ce correct [o/N] : > > > Fingerprint is different from key announced on > https://opensciencegrid.org/docs/release/signing/ > > The OSG Packaging Signing Key¶ > > Location /etc/pki/rpm-gpg/RPM-GPG-KEY-OSG > Download UW-Madison, GitHub > Fingerprint 6459 !D9D2 AAA9 AB67 A251 FB44 2110 !B1C8 824B 8603 > Key ID 824b8603 > > Do the upper or lower cases on GPG-fingerprints have no importance ? > > Practically can the downloaded package > /var/cache/yum/x86_64/7/osg/packages/osg-release-3.4- > 9.osg34.el7.noarch.rpm > be trusted? > > Thank you for you advices > > Charles
