On Fri, Apr 07, 2006 at 11:25:09AM -0500, Bernie Hoefer wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
The Java2 and Java2-JRE 1.4.2-129.23 packages that were uploaded to the SuSE FTP site on March 28th don't have the same version of GPG signatures as previous Java2 packages. Thus, they cannot be verified. (Or at least I do not know how to verify them.) For example, on one of the packages that was released 2005-12-20:
===
$ rpm --checksig ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.19.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.19.i586.rpm: sha1 md5 gpg OK ===
I can verify the GPG signature. But on one of the packages that was released 2006-03-28:
===
$ rpm --checksig ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.23.i586.rpm only V3 or V4 signatures can be verified, skipping V0 signature ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.23.i586.rpm: sha1 md5 OK ===
https://bugzilla.novell.com/show_bug.cgi?id=160832 Robert -- Robert Schiele Tel.: +49-621-181-2214 Dipl.-Wirtsch.informatiker mailto:rschiele@uni-mannheim.de "Quidquid latine dictum sit, altum sonatur."