On Wednesday 26 Nov 2003 7:48 pm, Dick Gevers wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Wed, 26 Nov 2003 14:18:48 +0000, Keith Powell > <[EMAIL PROTECTED]> wrote about Re: [newbie] Bad > signatures in > > 9.2: > >I installed the download edition of 9.2 from magazine cover disks, > > but KPPP did not install. So I installed it from the CDs using MCC. > > When I installed it, there was the "bad signature" message, which I > > ignored. I could not understand why there was this message with a > > package which was on the CDs. I then downloaded and installed the > > security updates (which were clear of the error message). Next I > > downloaded and installed a package from "Contrib" and got the error > > message. > > > >Then I downloaded and installed all the other updates. These too > > were clear of the signature error message. > > > >Now, installing packages from the CDs don't give the "bad signature" > >message, but installing packages from "Contrib" do. > > > >I was wondering why the "Contrib" repository was giving the error > >messages with Mandrake9.2, when it didn't with earlier versions. > > Should I try to solve the bad signature message problem, or ignore > > it? That was the reason for my posting. I hadn't seen anyone else > > reporting this happening. > > > >Hope this is a bit clearer. > > Okay clear. There are 2 separate things here: packages on CD for > which the signature checks and packages on the same CD`s for which > the signature does not check. In principle that ought not to be > possible, but, I have the same CD`s and see on Installation CD No. 2: > kdenetwork-kppp-3.1.3-37mdk.i586.rpm > > when I go to /mnt/cdrom/Mandrake/RPMS and > type (as root) > rpm -K *kppp* I get: > kdenetwork-kppp-3.1.3-37mdk.i586.rpm: (sha1) dsa sha1 md5 gpg OK > > so the signature *is* okay. > > If I go into MCC -> Software management -> Software Media Manager -> > Manage Keys I see that CD # 2 has the original MD key # 70771FF3 next > to it. > > So I can only assume that if and when you have bad signature message > that at that time your rpm database was corrupt or the key was not > associated to CD # 2. > > As far as the Contrib & Cooker packages are concerned, I understood > that had been a lot of discussion about those, and it will apparently > not be possible to authenticate them all (this isn`t new, the same > applied to 9.1 packages in these categories). > > However if you look at the information page per rpm in rpmsearch > (e.g. on MandrakeClub) you should see already mention of the key with > which it has been signed, if any and if so which. In the latter case > you can obtain the key as previously described and add it to your > rpm-keyring. If it is not signed at all, you should consider whether > or not you want to install it. If it has a high securety impact for > you, you should not install an unsigned package. > > In such case, PH you might ask the contributor to add his personal > GnuPG signature to the package. >
Thanks for the extra information, Dick. I'll work on it over the week-end and see follow your advice. Been too busy the last couple of days to do anything about it. Cheers Keith
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
