Unknown GnuPG Key

The file repomd.xml (http://dl.google.com/linux/chrome/rpm/stable/x86_64) is digitally signed with the following unknown GnuPG key:
ID: A040*********991.

This means that a trust relationship to the creator of the file cannot be established. Using the file may put the integrity of your system at risk.

Use it anyway?
I think it really means that somebody somewhere needs to sync up with Google with these silly signed token thingies.
Google may be reneging on the “don’t be evil”, but I’m going to click “yes” on the theory that a repo they own is not malicious.

Who can fix this GPG key issue?


gpg2 --recv-keys A040830F7FAC5991
gpg: requesting key 7FAC5991 from hkp server keys.gnupg.net
gpg: key 7FAC5991: public key "Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>" imported
gpg: no ultimately trusted keys found
gpg: Total number processed: 1
gpg:               imported: 1
gpg2 --fingerprint 7FAC5991
pub   1024D/7FAC5991 2007-03-08
      Key fingerprint = 4CCA 1EAF 950C EE4A B839  76DC A040 830F 7FAC 5991
uid       [ unknown] Google, Inc. Linux Package Signing Key <linux-packages-keymaster@google.com>
sub   2048g/C07CB649 2007-03-08

I cannot decipher from your response exactly what I ought to tell “linux-packages-keymaster” at Google to do.
Should I just assume that he/she would know, or are there some explicit instructions I could give them?
It is really quite a nuisance. Thank you.

I downloaded the rpm and checked it…

 rpm -vK google-chrome-stable_current_x86_64.rpm
    Header V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY
    Header SHA1 digest: OK (35344e8b86c1523f997b605206c413558b3cc15a)
    MD5 digest: OK (b366fb47eb593cfe90b68ba4e6dab782)
    V4 DSA/SHA1 Signature, key ID 7fac5991: NOKEY

So the keys do match. AFAIK they have not signed the rpm (NOKEY); if you have accepted their key, all should be good. I tend to just use the rpm to install; they add a repo, cronjob, etc., which I prefer not to have unauthorized access to update/change the system…