http://fedora.redhat.com/ and GPG Signatures
Jesse Keating
jkeating at j2solutions.net
Fri Apr 23 21:22:40 UTC 2004
On Friday 23 April 2004 13:56, CJ Kucera wrote:
> Two links are given for the primary Fedora package signing key, one
> at fedora.redhat.com, and the other at the public keyserver
> pgp.mit.edu. I've been trying to figure out why the key I've been
> using hasn't been validating RPMs properly, and as it turns out, the
> key being given at pgp.mit.edu is *different* from the key at
> fedora.redhat.com.
>
> This was a bit confusing, as both keys had the same datestamp and the
> same ID, so I've been beating my head against the wall for some time
> now. The one hosted at fedora.redhat.com works, the one at
> pgp.mit.edu doesn't. Now obviously the one at pgp.mit.edu should
> probably be updated somehow to be the correct key, but in the
> meantime it'd be great if the website mentioned something along the
> lines of, "don't grab the one at pgp.mit.edu because it won't work"
> and take that link off of there, so that people like me who generally
> *only* use public keyservers won't spend a lot of time confused. :)
Could it be that the one on the keyserver has been signed by various
folks? Rpm checking against keys that have been signed is a no-no,
which is why Fedora offers up a unsigned key on their website for
usage. The one on the server is signed to verify validity.
--
Jesse Keating RHCE (geek.j2solutions.net)
Fedora Legacy Team (www.fedoralegacy.org)
GPG Public Key (geek.j2solutions.net/jkeating.j2solutions.pub)
Was I helpful? Let others know:
http://svcs.affero.net/rm.php?r=jkeating
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: signature
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20040423/b7972cec/attachment-0002.bin
More information about the devel
mailing list