URL:
<http://savannah.gnu.org/bugs/?25791>
Summary: grep-2.5.4 source tarball signed with
wrong/inaccessible public key
Project: grep
Submitted by: brendaarkle
Submitted on: Sun 08 Mar 2009 11:26:42 AM GMT
Category: None
Severity: 3 - Normal
Item Group: None
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
I've just downloaded grep-2.5.4.tar.bz2 and its accompanying
.sig file.
gpg --verify *.sig produced...
gpg: Signature made Tue 10 Feb 2009 04:42:18 GMT using DSA key ID 9F759EEC
gpg: Can't check signature: public key not found
My "fetch" script (running from the MIT server) said the
key wasn't found.
Searching on the web for 9F759EEC produced a link to
https://savannah.gnu.org/project/memberlist-gpgkeys.php?group=grep
which no longer has a trace of this key Moreover, it helpfully
tells me that I can import the keyring into gpg after
downloading it, but not where I can find it in the first place.
Clearly, this is a key which used to exist but has now been
withdrawn... but still, what is going on?
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?25791>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
