kevin reported a new issue against the project: `fedora-websites` that you are following:
``
See:
https://bugzilla.redhat.com/show_bug.cgi?id=1485017
"First: I suspect that this is not an issue to worry about, but to be absolutely
shure, I'm reporting this.
Second: This might be an error in gpg; I would like this to be decided by
someone who has more knowledge about keys, deployment and such matters.
Running
gpg --verify-files *-CHECKSUM
on Fedora-Workstation-netinst-x86_64-26-1.5.iso succeeds.
However, the key used is reported to have a fingerprint that differs from what
it should be by an extra space character between two groups of characters.
The key was downloaded with
curl
https://getfedora.org/static/fedora.gpg | gpg --import
Version-Release number of selected component (if applicable):
Fedora-Workstation-netinst-x86_64-26-1.5.iso
Fedora-Workstation-26-1.5-x86_64-CHECKSUM
How reproducible:
This is run on Fedora 24, no updates available. (I know it's EOL, but I don't
think that is relevant unless this is a gpg bug that is fixed in later
versions. I couldn't find any bug reports relevant to this.)
Steps to Reproduce:
1.
$ LANG=en gpg --verify-files *-CHECKSUM
gpg: Signature made Fri Jul 7 17:13:31 2017 CEST using RSA key ID 64DAB85D
gpg: Good signature from "Fedora 26 Primary (26)
<fedora-26-primary(a)fedoraproject.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D
$
2.
Compare fingerprint to Fedora 26 primary fingerprint on website at
https://getfedora.org/en/keys/
Actual results:
E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D
^
Extra space here
Expected results:
E641 850B 77DF 4353 78D1 D7E2 812A 6B4B 64DA B85D
Additional info:
I believe that the spaces are just for readability, and that they are not
included in the actual fingerprints. Still, with keys being as important as
they are, any confusion regarding their validity should be removed."
``
To reply, visit the link below or just reply to this email
https://pagure.io/fedora-websites/issue/707