I was seeing this to verify the repo for Rocky 8, but it’s not in the Rocky 9 image repos.
Wondered if that was a mistake, or if I should verify the repo signature another way?
Thanks
Due to how keykeeper (the signing tool in peridot, our build system) operates, it is not allowed to sign arbitrary files outside of the build system.
Checksums can also be verified in our github repo, where the commits are signed by verified GPG keys, until we can find a way to have signed checksum files in our mirrors that does not violate the integrity and security design of our build system infrastructure.