On OpenSUSE 12.3 notifications are issued stating that "A security trust relationship is not present. Signature verification for Repository Virtualization failed."
I'm assuming this means that the signature for the Virtualization repository (Index of /repositories/Virtualization/openSUSE_12.3) has been changed. I remember this kind of thing used to happen a lot in the past (signature keys changing on various repos) and there was no way to know if they were legit. Is there any way to verify that there was a valid reason for the key change in this repo vs. being a hacker attack or something? Just accepting the new key defeats the purpose of the signature, but without any way to communicate legitimate changes to users that's exactly what it encourages.
I'm assuming this means that the signature for the Virtualization repository (Index of /repositories/Virtualization/openSUSE_12.3) has been changed. I remember this kind of thing used to happen a lot in the past (signature keys changing on various repos) and there was no way to know if they were legit. Is there any way to verify that there was a valid reason for the key change in this repo vs. being a hacker attack or something? Just accepting the new key defeats the purpose of the signature, but without any way to communicate legitimate changes to users that's exactly what it encourages.