I do not seem to be able to verify the PGP signature for ossec-wui-0.3.tar.gz It appears to me that the available public key is different from the one used to sign the archive.
It appears to me that the sig was made w/ 6B30327E, but OSSEC-PGP-KEY.asc is A3901351 Am I missing something here? What am I doing wrong? root@host:~/working# wget -q http://www.ossec.net/files/ossec-wui-0.3-checksum.txt root@host:~/working# cat ossec-wui-0.3-checksum.txt MD5 (ossec-wui-0.3.tar.gz) = c79fa486e9a20fb06a517541033af304 SHA1 (ossec-wui-0.3.tar.gz) = e00bff680721982ee55295a5292eb4e2a638b820 root@host:~/working# md5sum ossec-wui-0.3.tar.gz c79fa486e9a20fb06a517541033af304 ossec-wui-0.3.tar.gz root@host:~/working# sha1sum ossec-wui-0.3.tar.gz e00bff680721982ee55295a5292eb4e2a638b820 ossec-wui-0.3.tar.gz root@host:~/working# wget -q http://www.ossec.net/files/OSSEC-PGP-KEY.asc root@host:~/working# gpg --import OSSEC-PGP-KEY.asc gpg: key A3901351: public key "Daniel B. Cid <d...@ossec.net>" imported gpg: Total number processed: 1 gpg: imported: 1 (RSA: 1) root@host:~/working# gpg --verify ossec-wui-0.3.tar.gz.sig gpg: Signature made Tue 04 Mar 2008 12:27:59 PM CST using RSA key ID 6B30327E gpg: Can't check signature: public key not found -- --- You received this message because you are subscribed to the Google Groups "ossec-list" group. To unsubscribe from this group and stop receiving emails from it, send an email to ossec-list+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.