On Jan 2, 2009, Ufa <[email protected]> wrote: > I have just installed a linux-libre repo in my Fedora 10 installation, but I > cannot verify it with the gpg keys in http://www.fsfla.org/svnwiki/selibre/ > linux-libre/download/SIGNING-KEY , so I bypassed the gpg check, it it is not > secure enough to use like this.
I can see why you wouldn't want that. Oddly, this arrangement works for me. Note that there are two GPG keys in SIGNING-KEY. One is my personal key, used in the earliest Linux-libre packages I created. The other is a key I created specifically for Linux-libre packages. Could you please check that, with whatever procedure you used to get the keys into your RPM databases, you got both of them installed? $ rpm -q gpg-pubkey-f2b920f5 gpg-pubkey-7e7d47a7 gpg-pubkey-f2b920f5-37712dbd gpg-pubkey-7e7d47a7-487daaa5 If whatever procedure you used to get them installed didn't get them both in, would you please let me know what it was? I've just realized that 'rpm --import' won't import both keys in the file, but nevertheless it imported the current key, so this should have worked. Anyhow... I'll split the old key out of SIGNING-KEY, which should address the problem. Thanks for your report, -- Alexandre Oliva http://www.lsd.ic.unicamp.br/~oliva/ You must be the change you wish to see in the world. -- Gandhi Be Free! -- http://FSFLA.org/ FSF Latin America board member Free Software Evangelist Red Hat Brazil Compiler Engineer _______________________________________________ linux-libre mailing list [email protected] http://www.fsfla.org/cgi-bin/mailman/listinfo/linux-libre
