-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The Java2 and Java2-JRE 1.4.2-129.23 packages that were uploaded to the SuSE FTP site on March 28th don't have the same version of GPG signatures as previous Java2 packages. Thus, they cannot be verified. (Or at least I do not know how to verify them.) For example, on one of the packages that was released 2005-12-20: ===
$ rpm --checksig ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.19.i586.rpm ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.19.i586.rpm: sha1 md5 gpg OK ===
I can verify the GPG signature. But on one of the packages that was released 2006-03-28: ===
$ rpm --checksig ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.23.i586.rpm only V3 or V4 signatures can be verified, skipping V0 signature ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/java2-1.4.2-129.23.i586.rpm: sha1 md5 OK ===
- -- Bernie Hoefer PGP e-mail is welcome! Get my 1024 bit signature key from: http://pgpkeys.mit.edu:11371/pks/lookup?op=get&search=0x446A6F93. "The more I know, the more I realize how much I do not understand." -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) iD8DBQFENpJbckGmqURqb5MRAlVaAJ4le5jc5HWhXWxkHKBQAz3iMxizOACeK2ra yGkOg+nUFCTQLrgqe7kCILE= =bnjS -----END PGP SIGNATURE-----