Signature verification failed error on openSUSE repository

I’m unable to refresh the openSUSE_Leap_15.1 repo of owncloud ( with zypper.

zypper refresh results in this error:

Signature verification failed for file 'repomd.xml' from repository 'ownCloud Server Version stable (openSUSE_Leap_15.1)'.

Note: Signing data enables the recipient to verify that no modifications occurred after the data
were signed. Accepting data with no, wrong or unknown signature can lead to a corrupted system
and in extreme cases even to a system compromise.

Note: File 'repomd.xml' is the repositories master index file. It ensures the integrity of the
whole repo.

Warning: This file was modified after it has been signed. This may have been a malicious change,
so it might not be trustworthy anymore! You should not continue unless you know it's safe.

Is there a better place to report this issue? A contact for the repo maintainers?


from what i know / have read in the past the ownCloud team is not frequently reading this forums and a contact is better done via In your specific case i had found the following statement of a repository maintainer in the past, i think this is valid for the unsupported LEAP 15.1 repo as well:

1 Like

Thanks, tom42. I’ll try there.
Not sure why you mentioned the repo is unsupported though. LEAP 15.1 is the current OpenSUSE version.

Also in this case the problem isn’t an expired key but a modification that was made after the release was signed.


i think this was a mistake from my side. :confused: I thought that LEAP 15.1 isn’t supported or an outdated release because it isn’t listed on the repository page here:

(which gets linked from But it seems this link is redirecting to:

including “attic” in the domain name. I’m not sure if the ownCloud team is phasing out the support of the repository.

Gotcha. Doesn’t help that 42.3 > 15.1 but it is in fact older, thanks to the versioning change on openSUSE’s part.

I’ve posted the issue on github; we’ll see if it receive any attention there.

1 Like