zypper: "New repository or package signing key received"

Hi,

upon e.g.

zypper se gpg

or other

zypper in ...

commands on a opensuse 13.2 machine I get the message:


New repository or package signing key received:

  Repository:       openSUSE BuildService - Education                   
  Key Name:         Education OBS Project <Education@build.opensuse.org>
  Key Fingerprint:  703D37BF 07823426 FF9F7960 C6D1B74A C0951497        
  Key Created:      Fri 18 Apr 2014 06:34:58 PM CEST                    
  Key Expires:      Sun 26 Jun 2016 06:34:58 PM CEST                    
  Rpm Name:         gpg-pubkey-c0951497-53515432                        

Do you want to reject the key, trust temporarily, or trust always? [r/t/a/? shows all options] (r): r

How can I be sure, that I can trust the keys?

Thanks, Alex

On 2015-07-22 10:26, alexhh wrote:

> How can I be sure, that I can trust the keys?

We have no method to verify keys.


Cheers / Saludos,

Carlos E. R.

(from 13.1 x86_64 “Bottle” (Minas Tirith))