-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Wed, 26 Nov 2003 14:18:48 +0000, Keith Powell
<[EMAIL PROTECTED]> wrote about Re: [newbie] Bad signatures in
9.2:

>I installed the download edition of 9.2 from magazine cover disks, but 
>KPPP did not install. So I installed it from the CDs using MCC. When I 
>installed it, there was the "bad signature" message, which I ignored. I 
>could not understand why there was this message with a package which 
>was on the CDs. I then downloaded and installed the security updates 
>(which were clear of the error message). Next I downloaded and 
>installed a package from "Contrib" and got the error message. 
>
>Then I downloaded and installed all the other updates. These too were 
>clear of the signature error message.
>
>Now, installing packages from the CDs doesn't give the "bad signature" 
>message, but installing packages from "Contrib" does.
>
>I was wondering why the "Contrib" repository was giving the error 
>messages with Mandrake9.2, when it didn't with earlier versions. Should 
>I try to solve the bad signature message problem, or ignore it? That 
>was the reason for my posting. I hadn't seen anyone else reporting this 
>happening.
>
>Hope this is a bit clearer.

Okay, clear. There are 2 separate things here: packages on CD for which the
signature checks and packages on the same CDs for which the signature does
not check. In principle that ought not to be possible, but I have the same
CDs and see on Installation CD No. 2:
kdenetwork-kppp-3.1.3-37mdk.i586.rpm

when I go to /mnt/cdrom/Mandrake/RPMS and
type (as root)
rpm -K *kppp* I get:
kdenetwork-kppp-3.1.3-37mdk.i586.rpm: (sha1) dsa sha1 md5 gpg OK

so the signature *is* okay.

If I go into MCC -> Software management -> Software Media Manager -> Manage
Keys I see that CD # 2 has the original MD key # 70771FF3 next to it.

So I can only assume that if and when you have the bad signature message, at
that time your rpm database was corrupt or the key was not associated with CD
# 2.

As far as the Contrib & Cooker packages are concerned, I understood that there
had been a lot of discussion about those, and it will apparently not be
possible to authenticate them all (this isn't new, the same applied to 9.1
packages in these categories).

However, if you look at the information page per rpm in rpmsearch (e.g. on
MandrakeClub) you should already see mention of the key with which it has
been signed, if any and if so which. In the latter case you can obtain the
key as previously described and add it to your rpm-keyring. If it is not
signed at all, you should consider whether or not you want to install it. If
it has a high security impact for you, you should not install an unsigned
package.

In such a case, PH you might ask the contributor to add his personal
GnuPG signature to the package.

Regards,
=Dick Gevers=
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (GNU/Linux)
Comment: Encryption is an envelope - the contents are private.

iD8DBQE/xQOZwC/zk+cxEdMRAmj/AKCB98v5S0+b+GhiHG+3mHUr9UYjnACgiSR6
IyXG6GniGqAKCJGgfxdXKI8=
=VhDI
-----END PGP SIGNATURE-----
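
Added example (not part of the original message): a small shell filter that sorts `rpm -K` output into signed, unsigned and failed packages, so that Contrib downloads can be reviewed before installing. The function names, the `example-*` package names and the key id `00000000` are constructed; it assumes the older output format quoted in the message, where a failed check is reported with "NOT OK" and an unsigned package lists only digests.

```shell
#!/bin/sh
# Classify one line of `rpm -K` output (legacy format, as quoted in the message).
# Assumption: failures contain "NOT OK"; unsigned packages show only sha1/md5.
classify_rpm_k_line() {
    line=$1
    result=${line#*: }          # text after "<file>: "
    case $result in
        *"NOT OK"*"MISSING KEYS"*) echo "missing-key"; return ;;
        *"NOT OK"*)                echo "bad";         return ;;
        *OK) ;;                    # all listed checks passed
        *)                         echo "unknown";     return ;;
    esac
    # Passed: it only counts as signed if a signature type was checked.
    for word in $(printf '%s\n' "$result" | tr 'A-Z()' 'a-z  '); do
        case $word in
            gpg|pgp|dsa|rsa) echo "signed-ok"; return ;;
        esac
    done
    echo "unsigned"             # digests only, nothing to authenticate
}

# Read `rpm -K` output on stdin and list every package that is not signed-ok.
# Returns 1 if at least one such package was seen.
review_rpm_k_output() {
    rc=0
    while IFS= read -r l; do
        [ -n "$l" ] || continue
        verdict=$(classify_rpm_k_line "$l")
        if [ "$verdict" != "signed-ok" ]; then
            printf '%s\t%s\n' "$verdict" "${l%%:*}"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample input; only the first line is taken from the message.
review_rpm_k_output <<'EOF' || echo "review the packages listed above before installing"
kdenetwork-kppp-3.1.3-37mdk.i586.rpm: (sha1) dsa sha1 md5 gpg OK
example-contrib-1.0-1mdk.i586.rpm: sha1 md5 OK
example-cooker-2.0-1mdk.i586.rpm: (SHA1) DSA sha1 md5 (GPG) NOT OK (MISSING KEYS: GPG#00000000)
EOF
```

On real packages the same filter is fed with `rpm -K *.rpm | review_rpm_k_output` from the directory holding the downloads.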
