Online Updated prompted me today to import a new key that was created today for the KDE4 Community repository (SUSE 11.2). How can I verify the key’s signature? How can I make sure that the repository has not been hacked and the key I am going to import is the correct key.
I was expecting a note somewhere on the openSUSE website about the new key or a list of currently valid keys, where I can compare the signatures. But I could not find such a list or so.
I don’t know how you would go about verifying the key. I think it may have something to do with the kde upgrade, but I don’t know.
I have also failed to find any reference regarding what keys are currently in use by the various repositories.
The same thing.
How can we ensure the repository was not hacked?