SpiderOak gpg key dance
SpiderOak continue to publish their GPG key on a webpage. Apparently without it being signed by others to make verifying it easier. Cut-n-paste the RPM key from the inline here: https://spideroak.com/faq/what-is-the-rpm-signing-key-for-spideroak
sudo rpmkeys --import spideroak-87271cbf.asc
Check the signature on the package
rpmkeys -Kv SpiderOak-6.1.9-1.x86_64.rpm SpiderOak-6.1.9-1.x86_64.rpm: Header V4 DSA/SHA1 Signature, key ID 87271cbf: OK Header SHA1 digest: OK (eafd99b340fe15a6a31917ec3b5a5d9cf65e8718) MD5 digest: OK (a05a73836724c7cf2fa7cf1bbfd6fe0a) V4 DSA/SHA1 Signature, key ID 87271cbf: OK
Import it with some dissatisfaction that they do not get a bunch of signatures on their key from third parties.