Freedora repo
Alexandre Oliva
lxoliva at fsfla.org
Sun Jan 4 17:14:31 UTC 2009
On Jan 2, 2009, Ufa <ufa at technotroll.org> wrote:
> I have just installed a linux-libre repo in my Fedora 10 installation, but I
> cannot verify it with the gpg keys in http://www.fsfla.org/svnwiki/selibre/
> linux-libre/download/SIGNING-KEY , so I bypassed the gpg check, it it is not
> secure enough to use like this.
I can see why you wouldn't want that.
Oddly, this arrangement works for me. Note that there are two GPG keys
in SIGNING-KEY. One is my personal key, used in the earliest
Linux-libre packages I created. The other is a key I created
specifically for Linux-libre packages.
Could you please check that, with whatever procedure you used to get the
keys into your RPM databases, you got both of them installed?
$ rpm -q gpg-pubkey-f2b920f5 gpg-pubkey-7e7d47a7
gpg-pubkey-f2b920f5-37712dbd
gpg-pubkey-7e7d47a7-487daaa5
If whatever procedure you used to get them installed didn't get them
both in, would you please let me know what it was? I've just realized
that 'rpm --import' won't import both keys in the file, but nevertheless
it imported the current key, so this should have worked.
Anyhow... I'll split the old key out of SIGNING-KEY, which should
address the problem.
Thanks for your report,
--
Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/ FSF Latin America board member
Free Software Evangelist Red Hat Brazil Compiler Engineer
More information about the linux-libre
mailing list