This means that a trust relationship to the creator of the file cannot be established. Using the file may put the integrity of your system at risk.
Use it anyway?
I think it really means that somebody somewhere needs to sync up with Google with these silly signed token thingies.
Google may be reneging on the “don’t be evil”, but I’m going to click “yes” on the theory that a repo they own is not malicious.
I cannot decipher from your response exactly what I ought to tell “linux-packages-keymaster” at Google to do.
Should I just assume that he/she would know, or are there some explicit instructions I could give them?
It is really quite a nuisance. Thank you.
rpm -vK google-chrome-stable_current_x86_64.rpm
google-chrome-stable_current_x86_64.rpm:
Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY
Header SHA1 digest: OK (35344e8b86c1523f997b605206c413558b3cc15a)
MD5 digest: OK (b366fb47eb593cfe90b68ba4e6dab782)
V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY
So the keys do match, AFAIK they have not signed the rpm (NOKEY), if you have accepted their key, all should be good. I tend to just use the rpm to install, they add a repo, cronjob etc which I prefer not to have unauthorized access to update/change the system…