Hi,
I read about verifying signatures so I tought "I'll test it on KDE 2.2
release"
All but libxml worked ok...
This is the result I get:
jeloin:~ # rpm -v --checksig /var/downloaded/KDE/2.2/i386/libxml*.rpm
/var/downloaded/KDE/2.2/i386/libxml2-2.4.1-0.i386.rpm:
MD5 sum OK: f6fe8a14d890d0ef76315403f8c1d38b
gpg: Signature made Fri Aug 10 20:41:58 2001 CEST using DSA key ID 9C800ACA
gpg: Good signature from "SuSE Package Signing Key
On Fri, 24 Aug 2001, Roger Larsson wrote:
Hi,
I read about verifying signatures so I tought "I'll test it on KDE 2.2 release" All but libxml worked ok... This is the result I get:
jeloin:~ # rpm -v --checksig /var/downloaded/KDE/2.2/i386/libxml*.rpm /var/downloaded/KDE/2.2/i386/libxml2-2.4.1-0.i386.rpm: MD5 sum OK: f6fe8a14d890d0ef76315403f8c1d38b gpg: Signature made Fri Aug 10 20:41:58 2001 CEST using DSA key ID 9C800ACA gpg: Good signature from "SuSE Package Signing Key
"
There is no problem with the package...
gpg: WARNING: This key is not certified with a trusted signature! gpg: There is no indication that the signature belongs to the owner. gpg: Fingerprint: 79C1 79B2 E1C8 20C1 890F 9994 A84E DAE8 9C80 0ACA
...it's just that you haven't yet compared the finger print over a different channel (printed manual obtained via direct order from SuSE, e. g.) and told gpg you did - for example, with lsign (DO NOT DO THAT WITHOUT CHECKING THE FINGERPRINT) or editing trust parameters. Check the GnuPG manuals for details.
participants (2)
-
Matthias Andree
-
Roger Larsson