Bug 1576982
Summary: | Display repository GPG key fingerprint | ||
---|---|---|---|
Product: | [Community] Copr | Reporter: | sedrubal <fedora> |
Component: | frontend | Assignee: | clime |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | unspecified | CC: | clime, praiskup |
Target Milestone: | --- | ||
Target Release: | --- | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | |
Clone Of: | Environment: | ||
Last Closed: | 2018-05-18 09:39:34 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
sedrubal
2018-05-10 21:41:32 UTC
If you look at the output of `dnf install`: warning: /var/cache/dnf/pipiche-rspamd-c91fc61a66ec4118/packages/rspamd-1.7.4-3.fc28.x86_64.rpm: Header V3 RSA/SHA1 Signature, key ID b055dbfe: NOKEY Importing GPG key 0xB055DBFE: Userid : "pipiche_rspamd (None) <pipiche#rspamd.org>" Fingerprint: 64A6 2EA1 C8F6 7E42 6858 930D 7BBF 5E8F B055 DBFE From : https://copr-be.cloud.fedoraproject.org/results/pipiche/rspamd/pubkey.gpg Is this ok [y/N]: The URL of the GPG key is displayed there: in this case https://copr-be.cloud.fedoraproject.org/results/pipiche/rspamd/pubkey.gpg So it's not a blind trust. You just need to additionally trust that https://copr-be.cloud.fedoraproject.org/results/pipiche/rspamd/pubkey.gpg really belongs to https://copr.fedorainfracloud.org/coprs/pipiche/rspamd/, which it does. |