On Wed, Feb 15, 2017 at 5:22 AM, Michael Gauthier <mike(a)silverorange.com&gt; wrote: We're not running https on resources.ovirt.org. I'm opening a ticket on infra for this. release rpms are signed, you can get gpg key manually as described in the website: $ gpg --recv-keys FE590CB7 $ gpg --list-keys --with-fingerprint FE590CB7 --- pub 2048R/FE590CB7 2014-03-30 [expires: 2021-04-03] Key fingerprint = 31A5 D783 7FAD 7CB2 86CD 3469 AB8C 4F9D FE59 0CB7 uid oVirt <infra(a)ovirt.org&gt; sub 2048R/004BC303 2014-03-30 [expires: 2021-04-03] --- $ gpg --export --armor FE590CB7 > ovirt-infra.pub # rpm --import ovirt-infra.pub -- Sandro Bonazzola Better technology. Faster innovation. Powered by community collaboration. See how it works at redhat.com