New NVIDIA key never expiring?

A zypper dup on a machine with NVIDIA repo gave me today:

sudo zypper dup
[sudo] password for root: 
Refreshing service 'NVIDIA'.
Refreshing service 'openSUSE'.

New repository or package signing key received:

  Repository:       repo-non-free
  Key Fingerprint:  2FB0 3195 DECD 4949 2BD1 C17A B1D0 D788 DB27 FD5A
  Key Name:         NVIDIA Linux Driver Team <linux-bugs@nvidia.com>
  Key Algorithm:    RSA 4096
  Key Created:      Fri 15 Apr 2022 00:04:01 CEST
  Key Expires:      (does not expire)
  Rpm Name:         gpg-pubkey-db27fd5a-62589a51



    Note: Signing data enables the recipient to verify that no modifications occurred after the data
    were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
    and in extreme cases even to a system compromise.

    Note: A GPG pubkey is clearly identified by its fingerprint. Do not rely on the key's name. If
    you are not sure whether the presented key is authentic, ask the repository provider or check
    their web site. Many providers maintain a web page showing the fingerprints of the GPG keys they
    are using.

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/?] (r): 

Really? A key that never expires?

@suse_rasputin https://news.opensuse.org/2024/06/12/new-NVIDIA-signing-key/ there is info there on where to ask if have questions…

1 Like

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.