On Wed, Jul 8, 2009 at 11:00, Mark Martinec<[email protected]> wrote: > On Wednesday 08 July 2009 11:29:24 Justin Mason wrote: >> There will be a rules tarball alongside the main "code" tarball. See >> what's on http://people.apache.org/~jm/devel/ for 3.3.0-alpha1; >> there's one there. >> >> That can be installed using "sa-update --install /tmp/709395.tar.gz". >> >> Does that work? > > Btw, seems like the gpg key used to sign it (265FA05B) is not > the one the sa-update prints the URL for: > > > > error: GPG validation failed! > The update downloaded successfully, but it was not signed with a trusted GPG > key. Instead, it was signed with the following keys: > > 265FA05B > > Perhaps you need to import the channel's GPG key? For example: > > wget http://spamassassin.apache.org/updates/GPG.KEY > sa-update --import GPG.KEY
That's true -- it's just an example. in this case it's a different key used. However in this case we _should_ be using the main rules-signing key, not the distro-signing key, so that sa-update doesn't need special flags. my mistake. could you open a bug? --j.
