Freedora repo

Alexandre Oliva lxoliva at fsfla.org
Sun Jan 4 17:14:31 UTC 2009


On Jan  2, 2009, Ufa <ufa at technotroll.org> wrote:

> I have just installed a linux-libre repo in my Fedora 10 installation, but I
> cannot verify it with the gpg keys in
> http://www.fsfla.org/svnwiki/selibre/linux-libre/download/SIGNING-KEY , so I
> bypassed the gpg check, it is not secure enough to use like this.

I can see why you wouldn't want that.

Oddly, this arrangement works for me.  Note that there are two GPG keys
in SIGNING-KEY.  One is my personal key, used in the earliest
Linux-libre packages I created.  The other is a key I created
specifically for Linux-libre packages.

Could you please check that, with whatever procedure you used to get the
keys into your RPM databases, you got both of them installed?

$ rpm -q gpg-pubkey-f2b920f5 gpg-pubkey-7e7d47a7
gpg-pubkey-f2b920f5-37712dbd
gpg-pubkey-7e7d47a7-487daaa5

If whatever procedure you used to get them installed didn't get them
both in, would you please let me know what it was?  I've just realized
that 'rpm --import' won't import both keys in the file, but nevertheless
it imported the current key, so this should have worked.

Anyhow...  I'll split the old key out of SIGNING-KEY, which should
address the problem.

Thanks for your report,

-- 
Alexandre Oliva           http://www.lsd.ic.unicamp.br/~oliva/
You must be the change you wish to see in the world. -- Gandhi
Be Free! -- http://FSFLA.org/   FSF Latin America board member
Free Software Evangelist      Red Hat Brazil Compiler Engineer
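
The message above reports that 'rpm --import' did not import both keys from the two-key SIGNING-KEY file. The following is an added example, not part of the original message or the Linux-libre project: it splits a file holding several ASCII-armored public key blocks into one file per block so each can be imported and checked separately. The function names and the key-N.asc output names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original message): split a file that holds
# several ASCII-armored public key blocks into one file per block.

# split_armored_keys FILE OUTDIR   (hypothetical helper name)
# Writes OUTDIR/key-1.asc, OUTDIR/key-2.asc, ... and prints the number of
# blocks found. Text outside BEGIN/END markers is not copied.
split_armored_keys() {
    src=$1
    outdir=$2
    mkdir -p "$outdir" || return 1
    awk -v dir="$outdir" '
        /^-----BEGIN PGP PUBLIC KEY BLOCK-----/ {
            n++
            out = dir "/key-" n ".asc"
            inblock = 1
        }
        inblock { print > out }
        /^-----END PGP PUBLIC KEY BLOCK-----/ {
            if (inblock) close(out)
            inblock = 0
        }
        END { print n + 0 }
    ' "$src"
}

# import_split_keys OUTDIR   (hypothetical helper name)
# Imports each split block on its own; needs root and rpm. Stops at the
# first failure so a key that did not import is not silently skipped.
import_split_keys() {
    for f in "$1"/key-*.asc; do
        [ -e "$f" ] || continue
        rpm --import "$f" || return 1
    done
}

# Typical use, followed by the check quoted in the message:
#   split_armored_keys SIGNING-KEY ./keys
#   import_split_keys ./keys
#   rpm -q gpg-pubkey-f2b920f5 gpg-pubkey-7e7d47a7
```

If the printed block count is lower than the number of keys the file is supposed to contain, treat the download as suspect before importing anything.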